Research article, DOI: 10.1145/2994539.2994546

Data Quality Challenges and Future Research Directions in Threat Intelligence Sharing Practice

Published: 24 October 2016

Abstract

In the last couple of years, organizations have demonstrated an increased willingness to participate in threat intelligence sharing platforms. The open exchange of information and knowledge regarding threats, vulnerabilities, incidents and mitigation strategies results from the organizations' growing need to protect against today's sophisticated cyber attacks. To investigate data quality challenges that might arise in threat intelligence sharing, we conducted focus group discussions with ten expert stakeholders from security operations centers of various globally operating organizations. The study addresses several factors affecting shared threat intelligence data quality at multiple levels, including collecting, processing, sharing and storing data. As expected, the study finds that the main factors that affect shared threat intelligence data stem from the limitations and complexities associated with integrating and consolidating shared threat intelligence from different sources while ensuring the data's usefulness for an inhomogeneous group of participants. Data quality is extremely important for shared threat intelligence. As our study has shown, there are no fundamentally new data quality issues in threat intelligence sharing. However, as threat intelligence sharing is an emerging domain and a large number of threat intelligence sharing tools are currently being rushed to market, several data quality issues -- particularly related to scalability and data source integration -- deserve particular attention.

Published In

WISCS '16: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security
October 2016
88 pages
ISBN: 9781450345651
DOI: 10.1145/2994539

Publisher

Association for Computing Machinery
New York, NY, United States

Author Tags

1. cyber security operations center
2. data quality challenges
3. threat intelligence data
4. threat intelligence sharing data quality

Qualifiers

• Research-article

Funding Sources

• QE LaB - Living Models for Open Systems

Conference

CCS'16

Acceptance Rates

WISCS '16 Paper Acceptance Rate 8 of 24 submissions, 33%;
Overall Acceptance Rate 23 of 58 submissions, 40%

Cited By

• (2024) The "Big Beast to Tackle": Practices in Quality Assurance for Cyber Threat Intelligence. Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses, pages 337-352. DOI: 10.1145/3678890.3678903. Online publication date: 30-Sep-2024
• (2024) A Methodology for Developing & Assessing CTI Quality Metrics. IEEE Access 12, pages 6225-6238. DOI: 10.1109/ACCESS.2024.3351108. Online publication date: 2024
• (2024) Context-aware cyber-threat attribution based on hybrid features. ICT Express 10:3, pages 553-569. DOI: 10.1016/j.icte.2024.04.005. Online publication date: Jun-2024
• (2024) Improving quality of indicators of compromise using STIX graphs. Computers & Security 144, article 103972. DOI: 10.1016/j.cose.2024.103972. Online publication date: Sep-2024
• (2024) Comprehensive Threat Analysis in Additive Manufacturing Supply Chain: A Hybrid Qualitative and Quantitative Risk Assessment Framework. Production Engineering 18:6, pages 955-973. DOI: 10.1007/s11740-024-01283-1. Online publication date: 9-May-2024
• (2023) Metaverse Banking Service: Are We Ready to Adopt? A Deep Learning-Based Dual-Stage SEM-ANN Analysis. Human Behavior and Emerging Technologies 2023, pages 1-23. DOI: 10.1155/2023/6617371. Online publication date: 19-Sep-2023
• (2023) Aspect-level Information Discrepancies across Heterogeneous Vulnerability Reports: Severity, Types and Detection Methods. ACM Transactions on Software Engineering and Methodology 33:2, pages 1-38. DOI: 10.1145/3624734. Online publication date: 22-Dec-2023
• (2023) An Exploratory Study on the Use of Threat Intelligence Sharing Platforms in Germany, Austria and Switzerland. Proceedings of the 18th International Conference on Availability, Reliability and Security, pages 1-7. DOI: 10.1145/3600160.3600185. Online publication date: 29-Aug-2023
• (2023) A systematic threat analysis and defense strategies for the metaverse and extended reality systems. Computers and Security 128:C. DOI: 10.1016/j.cose.2023.103127. Online publication date: 1-May-2023
• (2023) Methodology to Improve the Quality of Cyber Threat Intelligence Production Through Open Source Platforms. CSEI: International Conference on Computer Science, Electronics and Industrial Engineering (CSEI), pages 86-98. DOI: 10.1007/978-3-031-30592-4_7. Online publication date: 1-May-2023
