A Robust Architecture for Aggregation of Heterogeneous Data for Threat Intelligence Platforms

Bibliographic Details
Published in Pattern Recognition and Image Analysis (IPRIA), International Conference on pp. 1 - 6
Main Authors Yasmeen, Afzal, Muhammad, Asim, Ullah, Khan Kifayat
Format Conference Proceeding
Language English
Published IEEE 21.10.2022
ISSN 2049-3630
DOI 10.1109/INMIC56986.2022.9972973

Summary: With increased dependency on computers, the threat of cyber-attacks becomes more prevalent. Cyber threat intelligence gathers reports from previous threats and helps to identify potential future attacks. The challenge for threat intelligence is overloaded threat feeds from various sources with structural heterogeneity. Currently, most of the sources share the same type of data in heterogeneous formats with different identifiers. In this paper, an architecture is proposed for data aggregation from heterogeneous sources. The architecture is based on a three-tier model that maps the heterogeneous sources' feeds into the target Threat Intelligence Platform (TIP). In this model, each layer has its own set of tasks and works in a step-by-step pattern; the output of one layer is the input to the next layer. The model depends entirely on the XML broker for dynamic mapping of sources. The objective is to have a unified system that can transform data from heterogeneous sources into a unified form that can assist the TIP in further statistics generation for analysis. The architecture has been implemented over six heterogeneous sources and used to perform data aggregation.