TL;DR
This paper introduces an open-source framework for modeling, sharing, and managing disinformation incidents within cyber threat intelligence, leveraging standardized formats and a centralized platform to enhance interoperability and response coordination.
Contribution
It presents the first integrated approach to include disinformation threats in the CTI ecosystem using DISARM, STIX2, and a microservice architecture.
Findings
Successfully modeled and shared over 100 real-world disinformation incidents.
Validated the framework's interoperability and effectiveness in a microservice environment.
First academic effort to incorporate disinformation threats into CTI systems.
Abstract
A key countermeasure in cybersecurity has been the development of standardized computational protocols for modeling and sharing cyber threat intelligence (CTI) between organizations, enabling a shared understanding of threats and coordinated global responses. However, while the cybersecurity domain benefits from mature threat exchange frameworks, there has been little progress in the automatic and interoperable sharing of knowledge about disinformation campaigns. This paper proposes an open-source disinformation threat intelligence framework for sharing interoperable disinformation incidents. This approach relies on i) the modeling of disinformation incidents with the DISARM framework (MITRE ATT&CK-based TTP modeling of disinformation attacks), ii) a custom mapping to STIX2 standard representation (computational data format), and iii) an exchange architecture (called DISINFOX) capable…
