2021 IEEE International Conference on Cyber Security and Resilience


Summary:

Cyber threat information (CTI) can be utilized to investigate incidents by leveraging threat-related knowledge from prior incidents with digital forensic techniques and tools. However, the actionability of CTI in digital forensics has not yet been evaluated. Such evaluation is important to ascertain that CTI is as actionable as it can be and to reveal areas of improvement. In this study, a dataset of CTI products was created from well-known CTI sources and its actionability in digital forensics was evaluated. The evaluation results showed a high level of CTI actionability, although support for some widely present types of attacks still needs enhancement. To further enhance the provision of actionable CTI, the development of the new TREVItoSTIX Autopsy module is presented. TREVItoSTIX allows the findings of an incident investigation to be expressed in the STIX format so that they can be easily shared and reused in future DF investigations.

Author(s):

Athanasios Dimitriadis    
University of Macedonia
Greece

Efstratios Lontzetidis    
University of Macedonia
Greece

Ioannis Mavridis    
University of Macedonia
Greece

Copyright © 2021 SUMMIT-TEC GROUP LTD