TOVARŇÁK, Daniel, Michal ČECH, Dušan TICHÝ and Vojtěch DOHNAL. ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence. Online. In Varga, Pal, et al. Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022. USA: IEEE, 2022, p. 1-4. ISBN 978-1-6654-0601-7. Available from: https://dx.doi.org/10.1109/NOMS54207.2022.9789882.
Basic information
Original name: ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence
Authors: TOVARŇÁK, Daniel (203 Czech Republic, guarantor, belonging to the institution), Michal ČECH (203 Czech Republic, belonging to the institution), Dušan TICHÝ (203 Czech Republic, belonging to the institution) and Vojtěch DOHNAL (203 Czech Republic, belonging to the institution).
Edition: USA, Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022, p. 1-4, 4 pp. 2022.
Publisher: IEEE
Other information
Original language: English
Type of outcome: Proceedings paper
Field of Study: 10201 Computer sciences, information science, bioinformatics
Country of publisher: United States of America
Confidentiality degree: is not subject to a state or trade secret
Publication form: electronic version available online
RIV identification code: RIV/00216224:14610/22:00129774
Organization unit: Institute of Computer Science
ISBN: 978-1-6654-0601-7
ISSN: 1542-1201
DOI: http://dx.doi.org/10.1109/NOMS54207.2022.9789882
UT WoS: 000851572700136
Keywords in English: cyber threat intelligence; security; GraphQL
Tags: rivok
Tags: International impact, Reviewed
Abstract
In this paper, we address the lack of analytical tools and search interfaces that would help both humans and machines navigate and correlate the floods of heterogeneous cyber threat intelligence (CTI) data generated every day. This work supports our long-term goal of machine-assisted discovery and inference of detectable indicators for adversarial tactics, techniques, and procedures from the available CTI. In particular, we present the idea of an observable database that works as an inverted index for CTI. This observable-centric concept is supported by a fully functional practical result that leverages a meta-programming approach to auto-generate a graph-based API for data search and manipulation. The created prototype allows for powerful graph-based filtering, traversal and retrieval of the stored cyber observables and the referenced CTI.
Links
VI20202022164, research and development project. Name: Pokročilá orchestrace bezpečnosti a inteligentní řízení hrozeb (Acronym: ORION)
Investor: Ministry of the Interior of the CR. Advanced Security Orchestration and Intelligent Threat Management