Nowadays, there are different kinds of public knowledge bases for cyber security vulnerability and threat intelligence which can be used for IoT security threat analysis. However, the heterogeneity of these knowledge bases and the complexity of the IoT environments make network security situation awareness and threat assessment difficult. In this paper, we integrate vulnerabilities, weaknesses, affected platforms, tactics, attack techniques, and attack patterns into a coherent set of links. In addition, we propose an IoT security ontology model, namely, the IoT Security Threat Ontology (IoTSTO), to describe the elements of IoT security threats and design inference rules for threat analysis. This IoTSTO expands the current knowledge domain of cyber security ontology modeling. In the IoTSTO model, the proposed multi-source knowledge reasoning method can perform the following tasks: assess the threats of the IoT environment, automatically infer mitigations, and separate IoT nodes that are subject to specific threats. The method above provides support to security managers in their deployment of security solutions. This paper completes the association of current public knowledge bases for IoT security and solves the semantic heterogeneity of multi-source knowledge. In this paper, we reveal the scope of public knowledge bases and their interrelationships through the multi-source knowledge reasoning method for IoT security. In conclusion, the paper provides a unified, extensible, and reusable method for IoT security analysis and decision making.
With the occurrence of cyber security incidents, the value of threat intelligence is coming to the fore. Timely extracting Indicator of Compromise (IOC) from cyber threat intelligence can quickly respond to threats. However, the sparse text in public threat intelligence scatters useful information, which makes it challenging to assess unstructured threat intelligence. In this paper, we proposed Cyber Threat Intelligence Automated Assessment Model (TIAM), a method to automatically assess highly sparse threat intelligence from multiple dimensions. TIAM implemented automatic classification of threat intelligence based on feature extraction, defined assessment criteria to quantify the value of threat intelligence, and combined ATT&CK to identify attack techniques related to IOC. Finally, we associated the identified IOCs, ATT&CK techniques, and intelligence quantification results. The experimental results shown that TIAM could better assess threat intelligence and help security managers to obtain valuable cyber threat intelligence.
Threat modeling and simulation (TMS) was aimed at dynamically capturing the features of attacks, which is a challenging job in complex Industrial Internet of Things (IIoT) control systems due to the complicated relationships among attacks. Recently, Meta Attack Language (MAL) showed its powerful TMS capabilities for representing complex attacks. However, existing methods pay less attention to the impact of changes in threat profiles on the simulation of key attack techniques. This paper proposes a novel method called threat response modeling language (TRMLang) for threat modeling and simulation in complex IIoT attacks. TRMLang obtains attacker information through an automated analysis of cyber threat intelligence (CTI) to build dynamic attacker profiles. Furthermore, it merges attacker features and probabilistic attack graphs in the simulation to improve TMS performance. The experimental results demonstrate that TRMLang can represent and evaluate the security conditions of IIoT control systems with two attack cases by Lazarus Group on SEGRID smart grids.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.