A Comprehensive Dynamic Quality Assessment Method for Cyber Threat Intelligence

Extraordinary growth of the Internet poses a great challenge for defending worldwide evolution of cyber attacks. Introducing cyber threat intelligence (CTI) is a promising approach for alleviating malicious attacks, which heavily relies on the quality of CTI themselves. However, most of current studies develop CTI quality assessment from the perspective of source or content separately, regardless of their availability in practical. In this paper, a dynamic method named CTIC to comprehensively assess CTI quality is proposed. Specifically, we propose a novel CTI feed assessing scheme by modeling the interactions of feeds as a correlation graph. An iterative algorithm is elaborated to depict the feed quality precisely. We design a CTI content assessing scheme together with a machine learning algorithm to score the availability of content from multi-dimensions. Experimental results on real data confirm our proposed mechanism can quantitatively as well as effectively assess CTI quality.