Developing a comprehensive framework for contextualizing cyber threat intelligence through knowledge graphs

In cybersecurity, understanding evolving threats through cyber threat intelligence (CTI) is crucial for organizations to protect their digital assets, which are essential for maintaining operational integrity, customer trust, and competitive advantage in an increasingly digital world. However, they often struggle with data overload and fragmented silos, making it difficult to identify relevant CTI. This thesis addresses this challenge by proposing a comprehensive framework for contextualizing CTI through knowledge graphs, which functions as an automated enrichment process. This process enhances data silos by incorporating factors relevant to CTI contextualization such as location, target entity, and vulnerability details which are gathered through NER from report descriptions and from utilizing the NIST API to gather additional information from vulnerabilities. Results suggest that this automated contextualization can achieve utilization rates of nearly 97.7%, depending on the enriched factor. This enrichment could help organizations improve the management and interpretation of threat data, enhancing threat detection and response efficiency.
Julian Hotter, BSc
Masterarbeit University of Innsbruck 2024