An automated dynamic quality assessment method for cyber threat intelligence

The emergence of cyber threat intelligence (CTI) is a promising approach for alleviating malicious activities. However, the effectiveness of CTIs is heavily dependent on their quality. Current literature develops the CTI quality assessment ontology mainly from the perspective of CTI source or content separately, regardless of their availability in practice. In this paper, we propose an automated CTI quality assessment method that synthesizes the trustworthiness of CTI sources and the availability of CTI contents. Specifically, we model the interactions of CTI feeds as a correlation graph and propose an iterative algorithm to well discriminate the feeds' trustworthiness. We elaborate a CTI content assessment together with a machine learning algorithm to automatically classify CTIs' availability from a set of content metrics. A comprehensive CTI quality assessment is proposed by jointly considering the feed trustworthiness and content availability. Extensive experimental results on real datasets demonstrate that our proposed method can quantitatively as well as effectively assess CTI quality.