Article

Key Requirements for the Detection and Sharing of Behavioral Indicators of Compromise

by Antonio Villalón-Huerta 1, Ismael Ripoll-Ripoll 2 and Hector Marco-Gisbert 2,*

1 S2 Grupo, Ramiro de Maeztu 7, 46022 Valencia, Spain
2 Department of Computing Engineering, Universitat Politècnica de València, Camino de Vera s/n, 46022 Valencia, Spain
* Author to whom correspondence should be addressed.
Electronics 2022, 11(3), 416; https://doi.org/10.3390/electronics11030416
Submission received: 28 December 2021 / Revised: 21 January 2022 / Accepted: 26 January 2022 / Published: 29 January 2022
(This article belongs to the Special Issue New Challenges on Cyber Threat Intelligence)

Abstract

Cyber threat intelligence feeds focus on atomic and computed indicators of compromise. These indicators are the main source of tactical cyber intelligence that most organizations benefit from. They are expressed in machine-readable formats and are easily loaded into security devices in order to protect infrastructures. However, their usefulness is very limited, especially in terms of lifetime. These indicators can be useful when dealing with non-advanced actors, but they are easily evaded by advanced ones. To detect the activities of advanced actors, an analyst must deal with behavioral indicators of compromise, which represent tactics, techniques and procedures and are not as common as the atomic and computed ones. In this paper, we analyze why these indicators are not widely used, and we identify key requirements for successful behavioral IOC detection, specification and sharing. We follow the intelligence cycle as the ordered sequence of steps by which a defensive team works, thereby providing a common reference for these teams to identify gaps in their capabilities.
Keywords: cyber threat intelligence; indicator of compromise; IOC; TTP; MITRE ATT&CK

Share and Cite

MDPI and ACS Style

Villalón-Huerta, A.; Ripoll-Ripoll, I.; Marco-Gisbert, H. Key Requirements for the Detection and Sharing of Behavioral Indicators of Compromise. Electronics 2022, 11, 416. https://doi.org/10.3390/electronics11030416
