Cyber Threat Intelligence Architecture for Applied Cybersecurity Scenarios PhD Thesis Proposal in Web Science and Technology

Cited by: 0
Authors
Rosa, Ivo [1]
Batista, Ricardo [2]
Goncalves, Ramiro [1, 5]
Martins, Jose [3, 4]
Branco, Frederico [1, 5]
Affiliations
[1] Univ Tras Os Montes & Alto Douro, Vila Real, Portugal
[2] FEUP Univ Porto, Porto, Portugal
[3] Inst Politecn Braganca, Braganca, Portugal
[4] AquaValor Ctr Valorizacao & Transferencia Tecnol, Chaves, Portugal
[5] INESC TEC, Porto, Portugal
Source
2022 17TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI) | 2022
Keywords
Cybersecurity; Cyber Threat Intelligence; Security Feeds;
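DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract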
In cybersecurity, and particularly in security incident response plans and processes, it is common and relevant to talk about the ability to detect malicious or suspicious activity and behavior as soon as possible; in other words, everyone in this domain wants to reduce the Mean Time to Detect (MTTD) or Mean Time to Respond (MTTR) to a potential security incident. The use of Cyber Threat Intelligence (CTI) indicators can contribute to reducing the mean time to detect threats and consequently directly influence the time to respond; however, there are different types of Cyber Threat Intelligence that serve different purposes. The objective of the study is the development of a reference architecture to support and process data from the most diverse types of Cyber Threat Intelligence data sources, for example by combining data from Open Source Intelligence (OSINT) sources and honeypots, taking into consideration the advantages and disadvantages of each of these types of data sources and correlating them with each other in order to increase the trust and reliability of the relevant indicators that security analysts can use in incident response processes. This paper presents the proposed work for a PhD thesis in Web Science and Technology, scheduled for completion in July 2023. This doctoral thesis falls within the area of Computer Engineering, with applicability in the domain of Cybersecurity and consequently in the subdomain of Threat Intelligence. The research project is in the state-of-the-art study phase. It is expected that participation in this Doctoral Symposium will yield comments that can enhance and complement the ongoing research work.
Pages: 6