TA-35—Cyber Threat Data Model and Use Cases – Final Report


Authors
  1. Lemay, A.
Corporate Authors
Defence Research and Development Canada, Centre for Operational Research and Analysis, Ottawa ON (CAN); International Safety Research Inc, Ottawa ON (CAN)
Abstract
This report documents the work done to produce a data model, based on the STIX 2.0 format, for characterizing cyber threats. The work produced four main outcomes:
- An analysis of the suitability of the STIX 2.0 standard for characterizing cyber threats;
- STIX 2.0 compliant data models to support automation or analysis;
- Profiles of Advanced Persistent Threat (APT) actor groups in the STIX 2.0 format; and
- Example exercise scenarios that use the APT actor profiles to demonstrate use cases.
The main findings regarding the suitability of the STIX 2.0 standard are as follows:
- The standard is designed to represent threat information as a graph, with the various objects (threat actors, tools and malware, vulnerabilities, identities, etc.) modeled as nodes and the relationships between the objects modeled as edges;
- The standard is designed around the concept of a minimum viable product, with a small number of rules and a large capacity for customization;
- The lack of enforced structure lends itself well to so-called "NOSQL" approaches, but makes automated processing more complex, since the same information can be expressed in multiple forms; and
- The standard, at the time of writing, lacks maturity: its documentation is continually evolving and software support is only partial.
In terms of presenting a model, the report proposes either to embrace the unstructured nature of the standard in a NOSQL, or to enforce a certain structure to faci
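The graph model the abstract describes (objects as nodes, STIX relationship objects as edges) and the "same information in multiple forms" problem are easiest to see on a concrete bundle. The following is an added example, not code or data from the report: it builds a small, entirely constructed STIX 2.0 bundle for a hypothetical APT actor profile using only the Python standard library, attaches one capability directly to the threat-actor and another through an intrusion-set attributed to it (both valid STIX 2.0 forms), and shows the normalisation an analysis query needs in order to treat the two forms alike. All names, identifiers and timestamps are made up; the validation helper implements only a few structural checks and is not a full STIX 2.0 validator.

```python
"""Build a small STIX 2.0 bundle for a constructed APT actor profile and
query it as a graph (objects are nodes, relationship objects are edges).

Added example, not code from the DRDC report. Every object, name, id and
timestamp below is constructed for illustration."""
import json
import re
from collections import defaultdict

TS = "2017-11-01T00:00:00.000Z"   # constructed timestamp
# STIX 2.0 identifier: object type, '--', then a lowercase UUID
ID_RE = re.compile(r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}"
                   r"-[0-9a-f]{4}-[0-9a-f]{12}$")


def uid(n):
    """Deterministic UUID-shaped suffix so the sample ids are stable (constructed)."""
    return f"{n:08d}-0000-4000-8000-000000000000"


def sdo(obj_type, suffix, **props):
    """STIX 2.0 object with the required common properties (type, id, created, modified)."""
    return {"type": obj_type, "id": f"{obj_type}--{suffix}",
            "created": TS, "modified": TS, **props}


def rel(suffix, relationship_type, source, target):
    """STIX 2.0 relationship object: the directed graph edge source -> target."""
    return sdo("relationship", suffix, relationship_type=relationship_type,
               source_ref=source["id"], target_ref=target["id"])


# Constructed profile: one actor, one intrusion set, two capabilities, a target.
actor = sdo("threat-actor", uid(1), name="Example APT", labels=["nation-state"])
iset = sdo("intrusion-set", uid(2), name="Example Intrusion Set")
rat = sdo("malware", uid(3), name="ExampleRAT", labels=["remote-access-trojan"])
dumper = sdo("tool", uid(4), name="ExampleDumper", labels=["credential-exploitation"])
vuln = sdo("vulnerability", uid(5), name="Example vulnerability")
victim = sdo("identity", uid(6), name="Example Ministry", identity_class="organization")

BUNDLE = {"type": "bundle", "id": f"bundle--{uid(99)}", "spec_version": "2.0",
          "objects": [actor, iset, rat, dumper, vuln, victim,
                      # Form 1: the capability hangs directly off the threat-actor
                      rel(uid(10), "uses", actor, dumper),
                      # Form 2: the capability hangs off an intrusion-set that is
                      # itself attributed to the actor
                      rel(uid(11), "attributed-to", iset, actor),
                      rel(uid(12), "uses", iset, rat),
                      rel(uid(13), "targets", actor, victim),
                      rel(uid(14), "targets", rat, vuln)]}


def validate(bundle):
    """Structural checks the loose standard leaves to the consumer:
    well-formed ids, required common properties, no dangling *_ref edges."""
    problems = []
    ids = {o["id"] for o in bundle["objects"] if "id" in o}
    for o in bundle["objects"]:
        for p in ("type", "id", "created", "modified"):
            if p not in o:
                problems.append(f"{o.get('id', '?')}: missing {p}")
        if "id" in o and not ID_RE.match(o["id"]):
            problems.append(f"{o['id']}: malformed id")
        for ref in ("source_ref", "target_ref"):
            if ref in o and o[ref] not in ids:
                problems.append(f"{o['id']}: {ref} -> {o[ref]} not in bundle")
    return problems


def build_graph(bundle):
    """Nodes keyed by id; edges come only from relationship objects."""
    nodes = {o["id"]: o for o in bundle["objects"] if o["type"] != "relationship"}
    out_edges = defaultdict(list)   # source id -> [(relationship_type, target id)]
    in_edges = defaultdict(list)    # target id -> [(relationship_type, source id)]
    for o in bundle["objects"]:
        if o["type"] == "relationship":
            out_edges[o["source_ref"]].append((o["relationship_type"], o["target_ref"]))
            in_edges[o["target_ref"]].append((o["relationship_type"], o["source_ref"]))
    return nodes, out_edges, in_edges


def capabilities(bundle, actor_id):
    """Malware and tools the actor uses, whether the 'uses' edge is on the
    threat-actor or on an intrusion-set attributed to it. Collapsing the two
    forms is the normalisation step automated processing needs."""
    nodes, out_edges, in_edges = build_graph(bundle)
    subjects = [actor_id] + [src for rtype, src in in_edges[actor_id]
                             if rtype == "attributed-to"
                             and nodes[src]["type"] == "intrusion-set"]
    found = set()
    for s in subjects:
        for rtype, tgt in out_edges[s]:
            if rtype == "uses" and nodes[tgt]["type"] in ("malware", "tool"):
                found.add(nodes[tgt]["name"])
    return sorted(found)


def profile(bundle, actor_id):
    """Flattened actor profile of the kind an exercise scenario would consume."""
    nodes, out_edges, _ = build_graph(bundle)
    targets = sorted(nodes[t]["name"] for r, t in out_edges[actor_id] if r == "targets")
    return {"name": nodes[actor_id]["name"],
            "uses": capabilities(bundle, actor_id), "targets": targets}


if __name__ == "__main__":
    assert validate(BUNDLE) == []
    print(json.dumps(profile(BUNDLE, actor["id"]), indent=2))
```

The point of `capabilities` is that a naive query over only the threat-actor's outgoing `uses` edges would report one capability and silently miss the one modeled through the intrusion set; a consumer that wants a single answer has to decide which modeling forms it accepts and fold them together, which is the kind of enforced structure the report weighs against a looser NOSQL-style approach.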

A French summary is available here.

Keywords
threat;data model;threat model;cyber intelligence;Cyber Threat;Advanced Persistent Threat;Use Cases
Report Number
DRDC-RDDC-2017-C290 — Contract Report
Date of publication
01 Nov 2017
Number of Pages
61
DSTKIM No
CA045522
CANDIS No
805945
Format(s)
Electronic Document (PDF)
