Conference: International Conference on Information Systems Security and Privacy

Cyber Threat Information Classification and Life Cycle Management using Smart Contracts

Abstract

Nowadays, cyber critical infrastructures (CIs) are increasingly targeted by highly sophisticated cyber attacks and should be protected. Advances in cyber situational awareness technology lead to the creation of increasingly complex tools. Human analysts face challenges finding relevant information in large, complex data sets when exploring data to discover patterns and insights. To be effective in identifying and defeating future cyber attacks, cyber analysts require novel tools for incident report classification and life cycle management that can automatically analyse and share results in a secure way between CI stakeholders to achieve better situation comprehension. Our goal is to provide solutions in real time that could replace human input for cyber incident classification and management tasks, to eliminate irrelevant information and to focus on important information in order to promptly adopt suitable countermeasures in case of an attack. Another contribution relates to the provided support for document life cycle management, which should reduce the number of manual operations and save storage space. In this paper we evaluate the application of so-called "smart contracts" to an incident classification system and assess its accuracy and performance. We demonstrate how the presented techniques can be applied to support incident handling tasks performed by security operation centers (SOCs).