Toward interoperable representation and sharing of disinformation incidents in cyber threat intelligence
- URL: http://arxiv.org/abs/2502.20997v1
- Date: Fri, 28 Feb 2025 12:37:32 GMT
- Title: Toward interoperable representation and sharing of disinformation incidents in cyber threat intelligence
- Authors: Felipe Sánchez González, Javier Pastor-Galindo, José A. Ruipérez-Valiente
- Abstract summary: This paper proposes an open-source disinformation threat intelligence framework for sharing interoperable disinformation incidents. To the best of our knowledge, this work is the first academic and technical effort to integrate disinformation threats in the CTI ecosystem.
- Score: 0.7373617024876725
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: A key countermeasure in cybersecurity has been the development of standardized computational protocols for modeling and sharing cyber threat intelligence (CTI) between organizations, enabling a shared understanding of threats and coordinated global responses. However, while the cybersecurity domain benefits from mature threat exchange frameworks, there has been little progress in the automatic and interoperable sharing of knowledge about disinformation campaigns. This paper proposes an open-source disinformation threat intelligence framework for sharing interoperable disinformation incidents. This approach relies on i) the modeling of disinformation incidents with the DISARM framework (MITRE ATT&CK-based TTP modeling of disinformation attacks), ii) a custom mapping to STIX2 standard representation (computational data format), and iii) an exchange architecture (called DISINFOX) capable of using the proposed mapping with a centralized platform to store and manage disinformation incidents and CTI clients which consume the gathered incidents. The microservice-based implementation validates the framework with more than 100 real-world disinformation incidents modeled, stored, shared, and consumed successfully. To the best of our knowledge, this work is the first academic and technical effort to integrate disinformation threats in the CTI ecosystem.
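The abstract describes a three-step pipeline: model an incident as DISARM techniques, map it to STIX 2 objects, and let CTI clients consume the result from a central hub. The block below is an added illustration of that pipeline in plain Python, not the paper's mapping or DISINFOX code. Everything specific in it is an assumption made for the example: the technique IDs and names are constructed stand-ins (not real DISARM entries), the UUIDv5 namespace is invented, and the convention of carrying the DISARM ID in an `external_references` entry with `source_name` "DISARM" is one reasonable choice, not the authors' documented one. It also shows two checks a practitioner sharing such bundles would want: deterministic object IDs so the same technique re-shared from the hub does not multiply, and a validator that catches dangling `source_ref`/`target_ref` values before a client consumes the bundle.

```python
"""Added example: DISARM-style incident -> STIX 2.1 bundle -> consumer view.

Not the paper's mapping or the DISINFOX implementation. Technique IDs/names,
the UUID namespace and the "DISARM" external_references convention are
constructed for illustration. Standard library only, so it runs offline.
"""
import re
import uuid
from datetime import datetime, timezone

# Constructed namespace for UUIDv5 ids: the same technique always maps to the
# same STIX id, so a hub re-sharing it does not create duplicate objects.
# (STIX 2.1 itself allows random UUIDv4; determinism is this example's choice.)
NAMESPACE = uuid.UUID("9f2a6b3e-4d1c-4a77-8e5f-2c0b1d6e7a90")

# Constructed technique catalogue; illustrative stand-ins, not DISARM entries.
TECHNIQUES = {
    "TX001": "Create inauthentic social media personas",
    "TX002": "Amplify narrative with coordinated hashtags",
    "TX003": "Seed content through a fake news website",
}

STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")


def _now() -> str:
    """STIX timestamp (UTC, millisecond precision, trailing Z)."""
    t = datetime.now(timezone.utc)
    return t.strftime("%Y-%m-%dT%H:%M:%S.") + f"{t.microsecond // 1000:03d}Z"


def stix_id(stix_type: str, key: str) -> str:
    """Deterministic '<type>--<uuid5>' id derived from a stable key."""
    return f"{stix_type}--{uuid.uuid5(NAMESPACE, f'{stix_type}:{key}')}"


def technique_to_attack_pattern(tid: str, created: str) -> dict:
    """One DISARM-style technique -> one STIX attack-pattern SDO."""
    if tid not in TECHNIQUES:
        raise ValueError(f"unknown technique id {tid!r}")
    return {
        "type": "attack-pattern", "spec_version": "2.1",
        "id": stix_id("attack-pattern", tid),
        "created": created, "modified": created,
        "name": TECHNIQUES[tid],
        "external_references": [{"source_name": "DISARM", "external_id": tid}],
    }


def incident_to_bundle(name: str, description: str,
                       technique_ids: list, first_seen: str) -> dict:
    """Incident -> campaign SDO + attack-patterns + 'uses' relationships."""
    created = _now()
    campaign = {
        "type": "campaign", "spec_version": "2.1",
        "id": stix_id("campaign", name),
        "created": created, "modified": created,
        "name": name, "description": description, "first_seen": first_seen,
    }
    objects = [campaign]
    for tid in technique_ids:
        ap = technique_to_attack_pattern(tid, created)
        rel = {
            "type": "relationship", "spec_version": "2.1",
            "id": stix_id("relationship", f"{campaign['id']}|uses|{ap['id']}"),
            "created": created, "modified": created,
            "relationship_type": "uses",
            "source_ref": campaign["id"], "target_ref": ap["id"],
        }
        objects += [ap, rel]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def validate_bundle(bundle: dict) -> list:
    """Hub-side check; returns a list of problems (empty list == accept)."""
    problems, ids = [], set()
    for obj in bundle.get("objects", []):
        oid, otype = obj.get("id", ""), obj.get("type", "")
        if not STIX_ID_RE.match(oid) or not oid.startswith(otype + "--"):
            problems.append(f"malformed id {oid!r}")
        if oid in ids:
            problems.append(f"duplicate id {oid}")
        ids.add(oid)
        for field in ("created", "modified"):
            if field in obj and not TS_RE.match(obj[field]):
                problems.append(f"{oid}: bad timestamp in {field}")
        if otype == "attack-pattern":
            ext = [r.get("external_id") for r in obj.get("external_references", [])
                   if r.get("source_name") == "DISARM"]
            if not ext or ext[0] not in TECHNIQUES:
                problems.append(f"{oid}: no known DISARM external_id")
    for obj in bundle.get("objects", []):
        if obj.get("type") == "relationship":
            for field in ("source_ref", "target_ref"):
                if obj.get(field) not in ids:
                    problems.append(f"{obj.get('id')}: dangling {field} {obj.get(field)}")
    return problems


def techniques_by_incident(bundle: dict) -> dict:
    """Client side: resolve 'uses' edges back to {incident name: [technique ids]}."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    result = {}
    for o in bundle["objects"]:
        if o["type"] != "relationship" or o.get("relationship_type") != "uses":
            continue
        src, tgt = by_id.get(o["source_ref"]), by_id.get(o["target_ref"])
        if not src or not tgt or tgt["type"] != "attack-pattern":
            continue  # skip edges the validator would have flagged
        tids = [r["external_id"] for r in tgt.get("external_references", [])
                if r.get("source_name") == "DISARM"]
        result.setdefault(src["name"], []).extend(tids)
    return result


if __name__ == "__main__":
    b = incident_to_bundle("Constructed incident", "coordinated persona network",
                           ["TX001", "TX002"], "2024-01-01T00:00:00.000Z")
    print(validate_bundle(b), techniques_by_incident(b))
```

Design note: keying `uuid5` on the technique ID and on the campaign name is what makes repeated exchange idempotent; if two organizations report the same incident under different names, the campaigns will not merge, so a real hub needs an explicit deduplication policy on top of this.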
Related papers
- DISINFOX: an open-source threat exchange platform serving intelligence on disinformation and influence operations [0.7373617024876725]
This paper introduces DISINFOX, an open-source threat intelligence exchange platform for the structured collection and management of intelligence on disinformation and influence operations.
DISINFOX is fully containerized using Docker, comprising a web-based backend for user interaction, a REST API for managing core functionalities, and a public API for structured data retrieval.
As an open-source solution, DISINFOX provides a reproducible hub for researchers, analysts, and policymakers seeking to enhance the detection, investigation, and mitigation of disinformation threats.
arXiv Detail & Related papers (2025-04-02T15:11:43Z)
- Towards a scalable AI-driven framework for data-independent Cyber Threat Intelligence Information Extraction [0.0]
This paper introduces 0-CTI, a scalable AI-based framework designed for efficient CTI Information Extraction. The proposed system processes complete text sequences of CTI reports to extract a cyber ontology of named entities and their relationships. Our contribution is the development of 0-CTI, the first modular framework for CTI Information Extraction that supports both supervised and zero-shot learning.
arXiv Detail & Related papers (2025-01-08T12:35:17Z)
- CTINEXUS: Leveraging Optimized LLM In-Context Learning for Constructing Cybersecurity Knowledge Graphs Under Data Scarcity [49.657358248788945]
Textual descriptions in cyber threat intelligence (CTI) reports are rich sources of knowledge about cyber threats.
Current CTI extraction methods lack flexibility and generalizability, often resulting in inaccurate and incomplete knowledge extraction.
We propose CTINexus, a novel framework leveraging optimized in-context learning (ICL) of large language models.
arXiv Detail & Related papers (2024-10-28T14:18:32Z)
- SeCTIS: A Framework to Secure CTI Sharing [13.251593345960265]
The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks.
Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data.
We design a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing) to enable businesses to collaborate, preserving the privacy of their CTI data.
arXiv Detail & Related papers (2024-06-20T08:34:50Z)
- Towards Cyber Threat Intelligence for the IoT [4.17685888727818]
This paper presents a taxonomy and analysis of the Cyber Threat Intelligence (CTI) frameworks and CTI exchange platforms available today.
It proposes a new CTI architecture relying on the MISP Threat Intelligence Sharing Platform customized and focusing on IoT environment.
The proposed CTI architecture will be very beneficial for securing IoT networks, especially the ones working in harsh and adversarial environments.
arXiv Detail & Related papers (2024-06-19T13:30:01Z)
- Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks.
In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
arXiv Detail & Related papers (2024-03-29T12:01:31Z)
- SISSA: Real-time Monitoring of Hardware Functional Safety and Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security.
Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication.
Extensive experimental results show the effectiveness and efficiency of SISSA.
arXiv Detail & Related papers (2024-02-21T03:31:40Z)
- Large AI Model-Based Semantic Communications [48.73159237649128]
In current Semantic Communication systems, the construction of the knowledge base (KB) faces several issues.
Here, we propose a LAM-based SC framework (LAM-SC) specifically designed for image data, where we first apply a segment anything model (SAM)-based KB (SKB).
Then, we present an attention-based semantic integration (ASI) to weigh the semantic segments generated by SKB without human participation and integrate them as the semantic aware image.
arXiv Detail & Related papers (2023-07-07T10:01:08Z)
- ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management [65.0114141380651]
ThreatKG is an automated system for OSCTI gathering and management.
It efficiently collects a large number of OSCTI reports from multiple sources.
It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
arXiv Detail & Related papers (2022-12-20T16:13:59Z)
- Orchestrating Collaborative Cybersecurity: A Secure Framework for Distributed Privacy-Preserving Threat Intelligence Sharing [7.977316321387031]
Cyber Threat Intelligence (CTI) sharing is an important activity to reduce information asymmetries between attackers and defenders.
Current literature assumes access to centralized databases containing all the information, but this is not always feasible.
We propose a novel framework for extracting CTI from distributed data on incidents, vulnerabilities and indicators of compromise.
arXiv Detail & Related papers (2022-09-06T17:44:20Z)
- A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of its content (including all information) and is not responsible for any consequences.