Cyber threat data model – High-level model and use cases


  1. Kellett, M.
  2. Bernier, M.
Corporate Authors
Defence Research and Development Canada, Ottawa Research Centre, Ottawa ON (CAN);Defence Research and Development Canada, Centre for Operational Research and Analysis, Ottawa ON (CAN)
As part of the Cyber Decision Making and Response project, Defence Research and Development Canada (DRDC) is conducting research on threat characterization and investigating the feasibility of supporting the generation and use of cyber intelligence within an automated computer network defence construct. The purpose of this Reference Document is to take the high-level work done so far on the characterization of threats and to put it in the context of a process for developing cyber intelligence and potentially predicting future attacks based on those threats. Accordingly, a high-level cyber threat data model is proposed that conceptually should allow us to bridge the gap between defensive cyber operations and intelligence processes. Three applications of the model are discussed: a reactive application that allows for the detection and assessment of attacks on our network with the potential for attribution to previously unknown actors; a proactive application that allows for the prediction of where future attacks may be targeted based on our understanding of the intent of known actors; and an observational application that allows for the automation of our computer network defences based on the observed traits of ongoing attacks.

Il y a un résumé en français ici.

threat;cyber operations;data model;threat characterisation;threat model;intelligence processes;cyber intelligence;defensive cyber operations
Report Number
DRDC-RDDC-2016-D080 — Reference Document
Date of publication
01 Dec 2016
Number of Pages
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: