cyberaCTIve: a STIX-based Tool for Cyber Threat Intelligence in Complex Models
Ricardo M. Czekster, Roberto Metere, Charles Morisset

TL;DR
cyberaCTIve is a tool designed to improve STIX-based cyber threat intelligence modeling for complex cyber-physical systems like smart grids, enabling better representation and sharing of intricate threat models.
Contribution
The paper introduces cyberaCTIve, a novel tool that enhances STIX-based modeling for complex CPS threat intelligence where simple sub-projects are insufficient.
Findings
Enables detailed modeling of complex CPS threats
Improves sharing of intricate threat information
Supports real-world cyber-physical system analysis
Abstract
Cyber threat intelligence (CTI) is practical real-world information that is collected with the purpose of assessing threats in cyber-physical systems (CPS). A practical notation for sharing CTI is STIX. STIX offers facilities to create, visualise and share models; however, even a moderately simple project can be represented in STIX as a quite complex graph, which suggests spreading CTI across multiple simpler sub-projects. Our tool aims to enhance the STIX-based modelling task in contexts where such simplifications are infeasible. Examples include the microgrid and, more generally, the smart grid.
Taxonomy
Topics: Advanced Malware Detection Techniques · Digital and Cyber Forensics · Network Security and Intrusion Detection
