Article
Contextualized Filtering for Shared Cyber Threat Information
Athanasios Dimitriadis 1,2, Christos Prassas 1, Jose Luis Flores 3, Boonserm Kulvatunyou 4, Nenad Ivezic 4, Dimitris A. Gritzalis 5 and Ioannis K. Mavridis 1,*
1 Department of Applied Informatics, University of Macedonia, 156 Egnatia Str., 54636 Thessaloniki, Greece; asdimitriadis@uom.edu.gr (A.D.); prassas@uom.edu.gr (C.P.)
2 Associate, Engineering Laboratory, National Institute of Standards and Technology, 100 Bureau Drive, Gaithersburg, MD 20899, USA
3 Industrial Cybersecurity, IKERLAN Technology Research Center, Basque Research and Technology Alliance (BRTA), P.J.M. Arizmendiarrieta 2, 20500 Arrasate/Mondragón, Spain; jlflores@ikerlan.es
4 Engineering Laboratory, National Institute of Standards and Technology, 100 Bureau Drive, Gaithersburg, MD 20899, USA; boonserm.kulvatunyou@nist.gov (B.K.); nenad.ivezic@nist.gov (N.I.)
5 Department of Informatics, Athens University of Economics and Business (AUEB), 10434 Athens, Greece; dgrit@aueb.gr
* Correspondence: mavridis@uom.edu.gr
Citation: Dimitriadis, A.; Prassas, C.; Flores, J.L.; Kulvatunyou, B.; Ivezic, N.; Gritzalis, D.A.; Mavridis, I.K. Contextualized Filtering for Shared Cyber Threat Information. Sensors 2021, 21, 4890. https://doi.org/10.3390/s21144890
Academic Editors: Alexios Mylonas and Nikolaos Pitropakis
Received: 17 June 2021; Accepted: 14 July 2021; Published: 18 July 2021
Publisher's Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Abstract: Cyber threat information sharing is an imperative process towards achieving collaborative security, but it poses several challenges. One crucial challenge is the sheer volume of shared threat information, which calls for better filtering. The state of the art in filtering relies primarily on keyword- and domain-based searching; these approaches require sizable human involvement and domain expertise that is rarely available. Recent research revealed the need to harvest business information to fill the gap in filtering, although using such information yielded only coarse-grained filtering. This paper presents a novel contextualized filtering approach that exploits standardized, multi-level contextual information about business processes. The contextual information describes the conditions under which a given piece of threat information is actionable from an organization's perspective. Filtering can therefore be automated by measuring the equivalence between the context of the shared threat information and the context of the consuming organization. The paper contributes directly to the filtering challenge and indirectly to automated, customized threat information sharing. Moreover, it proposes the architecture of a cyber threat information sharing ecosystem that operates according to the proposed filtering approach, and it defines the characteristics that are advantageous to filtering approaches. Implementation of the proposed approach can support compliance with Special Publication 800-150 of the National Institute of Standards and Technology.
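The abstract describes filtering as measuring the equivalence between the context attached to a shared threat report and the context of the consuming organization. The following is an added illustration of that idea, not the paper's own scheme or code: it assumes a small hypothetical context model with three levels (sector, business process, technology), a per-level Jaccard similarity, assumed level weights, and a threshold, and runs it over constructed sample reports for a constructed manufacturing organization. It also shows why a shared keyword alone (a Windows-only report) is not enough to make a report actionable.

```python
"""Added example: context-equivalence filtering of shared threat reports.

Hypothetical schema (not the paper's): both a threat report and the consuming
organization describe their context at three levels, each a set of tags.
A report is kept only when its context is equivalent enough to the
organization's context.
"""
from dataclasses import dataclass

# Assumed multi-level context; the paper's standardized model is not reproduced here.
LEVELS = ("sector", "process", "technology")

# Assumed weights: a match on the affected business process is stronger evidence
# of actionability than a match on a technology alone.
WEIGHTS = {"sector": 0.2, "process": 0.5, "technology": 0.3}


@dataclass(frozen=True)
class Context:
    sector: frozenset
    process: frozenset
    technology: frozenset

    @classmethod
    def of(cls, **levels):
        # Missing levels become empty sets, i.e. "context unknown" at that level.
        return cls(**{lvl: frozenset(levels.get(lvl, ())) for lvl in LEVELS})


def level_similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard similarity of two tag sets; an unknown level contributes nothing."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


def context_equivalence(threat: Context, org: Context) -> float:
    """Weighted sum of per-level similarities, in [0, 1]."""
    return sum(
        WEIGHTS[lvl] * level_similarity(getattr(threat, lvl), getattr(org, lvl))
        for lvl in LEVELS
    )


def filter_reports(reports, org: Context, threshold: float = 0.4):
    """Return (report id, score) for reports at or above the threshold, best first."""
    scored = [(r["id"], context_equivalence(r["context"], org)) for r in reports]
    kept = [item for item in scored if item[1] >= threshold]
    return sorted(kept, key=lambda item: -item[1])


# Constructed consuming organization: a manufacturer running OPC UA, Windows and SAP ERP.
ORG = Context.of(
    sector={"manufacturing"},
    process={"production-scheduling", "order-fulfilment"},
    technology={"opc-ua", "windows", "sap-erp"},
)

# Constructed shared reports (ids and tags are made up for this example).
REPORTS = [
    {"id": "R1", "context": Context.of(sector={"manufacturing"},
                                       process={"production-scheduling"},
                                       technology={"opc-ua"})},
    {"id": "R2", "context": Context.of(sector={"finance"},
                                       process={"payment-processing"},
                                       technology={"windows"})},
    {"id": "R3", "context": Context.of(sector={"manufacturing", "energy"},
                                       process={"order-fulfilment"},
                                       technology={"sap-erp"})},
    # A keyword-only report with no context cannot be matched automatically.
    {"id": "R4", "context": Context.of()},
]

if __name__ == "__main__":
    for rid, score in filter_reports(REPORTS, ORG):
        print(f"{rid}: {score:.2f}")
```

R1 scores 0.55 (exact sector and process match, one of three technologies), R3 scores 0.45, while R2 scores only 0.1 despite sharing the "windows" tag and R4 scores 0 because it carries no context at all; with the assumed threshold of 0.4 only R1 and R3 reach the consumer.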
Keywords: cyber threat information sharing; actionable threat information; filtering; business process context
1. Introduction
Accurate and timely analysis of cyber-attacks is crucial for effective prevention, detection, and response [1]. This becomes quite challenging, especially in the context of complex information and communication technology infrastructures, which have resulted in an increased number of vulnerabilities. The industrial internet of things paradigm has exacerbated the situation, rendering traditional security approaches inappropriate or considerably challenged [2]. At the same time, threat actors are becoming more sophisticated and strategic, utilizing advanced and continuously evolving attack techniques. The targets of cyber-attacks range from small and medium-sized enterprises (SMEs) to critical infrastructure services, putting a large number of sectors at risk. Examples are the WannaCry [3] and Petya [4] ransomware cases, as well as the Mirai botnet [5], all of which spread across or affected many private and public sectors.