ObservableDB: An Inverted Index for Graph-Based Traversal of
Cyber Threat Intelligence

D 2022

ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence

TOVARŇÁK, Daniel, Michal ČECH, Dušan TICHÝ a Vojtěch DOHNAL

Základní údaje

Originální název

ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence

Autoři

TOVARŇÁK, Daniel (203 Česká republika, garant, domácí), Michal ČECH (203 Česká republika, domácí), Dušan TICHÝ (203 Česká republika, domácí) a Vojtěch DOHNAL (203 Česká republika, domácí)

Vydání

USA, Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022, od s. 1-4, 4 s. 2022

Nakladatel

IEEE

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

URL

Kód RIV

RIV/00216224:14610/22:00129774

Organizační jednotka

Ústav výpočetní techniky

ISBN

978-1-6654-0601-7

ISSN

DOI

http://dx.doi.org/10.1109/NOMS54207.2022.9789882

UT WoS

000851572700136

Klíčová slova anglicky

cyber threat intelligence; security; GraphQL

Štítky

rivok

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 30. 3. 2023 13:35, Mgr. Alena Mokrá

Anotace

V originále

In this paper, we address the lack of analytical tools and search interfaces, which would help both humans and machines to navigate and correlate the floods of heterogeneous cyber threat intelligence (CTI) data generated every day. This work supports our long-term goal of machine-assisted discovery and inference of detectable indicators for adversarial tactics, techniques, and procedures from the available CTI. In particular, we present the idea of an observable database that works as an inverted index for CTI. This observable-centric concept is supported by a fully-functional practical result that leverages a meta-programming approach to auto-generate a graph-based API for data search and manipulation. The created prototype allows for powerful graph-based filtering, traversal and retrieval of the stored cyber observables and the referenced CTI.

Návaznosti

VI20202022164, projekt VaV

Název: Pokročilá orchestrace bezpečnosti a inteligentní řízení hrozeb (Akronym: ORION)

Investor: Ministerstvo vnitra ČR, Pokročilá orchestrace bezpečnosti a inteligentní řízení hrozeb

Citovat

TOVARŇÁK, Daniel, Michal ČECH, Dušan TICHÝ a Vojtěch DOHNAL. ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence. Online. In Varga, Pal, et al. Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022. USA: IEEE, 2022, s. 1-4. ISBN 978-1-6654-0601-7. Dostupné z: https://dx.doi.org/10.1109/NOMS54207.2022.9789882.

@inproceedings{1863346,
   author = {Tovarňák, Daniel and Čech, Michal and Tichý, Dušan and Dohnal, Vojtěch},
   address = {USA},
   booktitle = {Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022},
   doi = {http://dx.doi.org/10.1109/NOMS54207.2022.9789882},
   editor = {Varga, Pal, et al.},
   keywords = {cyber threat intelligence; security; GraphQL},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {USA},
   isbn = {978-1-6654-0601-7},
   pages = {1-4},
   publisher = {IEEE},
   title = {ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence},
   url = {https://doi.org/10.1109/NOMS54207.2022.9789882},
   year = {2022}
}

TY  - JOUR
ID  - 1863346
AU  - Tovarňák, Daniel - Čech, Michal - Tichý, Dušan - Dohnal, Vojtěch
PY  - 2022
TI  - ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence
PB  - IEEE
CY  - USA
SN  - 9781665406017
KW  - cyber threat intelligence
KW  - security
KW  - GraphQL
UR  - https://doi.org/10.1109/NOMS54207.2022.9789882
N2  - In this paper, we address the lack of analytical tools and search interfaces, which would help both humans and machines to navigate and correlate the floods of heterogeneous cyber threat intelligence (CTI) data generated every day. This work supports our long-term goal of machine-assisted discovery and inference of detectable indicators for adversarial tactics, techniques, and procedures from the available CTI. In particular, we present the idea of an observable database that works as an inverted index for CTI. This observable-centric concept is supported by a fully-functional practical result that leverages a meta-programming approach to auto-generate a graph-based API for data search and manipulation. The created prototype allows for powerful graph-based filtering, traversal and retrieval of the stored cyber observables and the referenced CTI.
ER  -

TOVARŇÁK, Daniel, Michal ČECH, Dušan TICHÝ a Vojtěch DOHNAL. ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence. Online. In Varga, Pal, et al. \textit{Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022}. USA: IEEE, 2022, s.~1-4. ISBN~978-1-6654-0601-7. Dostupné z: https://dx.doi.org/10.1109/NOMS54207.2022.9789882.

Podrobný výpis o publikaci