A Framework for Collecting and Processing Publicly Available Security Information into Actionable Threat Intelligence

Abstract

Obtaining timely information on vulnerabilities, attacks, threats, countermeasures and risks is crucial in combating today's sophisticated and constantly evolving security threats. The required information can be obtained from different sources, ranging from inter-organizational threat intelligence sharing platforms to publicly available security information sources. However, the heterogeneity of available information sources poses a major challenge for automatic collection and processing into actionable threat intelligence. To address this challenge, the following paper investigates methods for collecting and processing security information from diverse, heterogeneous sources into actionable threat intelligence. We present a generic extensible framework that enables the automatic generation of actionable threat intelligence from a variety of unstructured and structured security information sources.