The Role of Anonymization in Cyber Threat Intelligence Sharing
Herlevi, Minna (2024)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2024063023918
Abstract
The objective of this thesis is to create a framework for external Cyber Threat Intelligence (CTI) sharing. The goal is to assist organizations that wish to share their intelligence with external parties. The framework is used in a case study, showcasing how Hoxhunt, a Finnish cyber security company, could implement and utilize the framework to enhance their external CTI sharing.
The research methodology used in this thesis is an integrative literature review. The integrative literature review is intended to provide an in-depth overview of CTI, utilising a variety of different sources, such as industry research, blogs, articles, and the websites of different industry vendors and regulators. The study covers the basic principles of CTI, and CTI collection and sharing, highlighting both the problems and the benefits of CTI sharing.
As a result of the study, a framework for the anonymisation of CTI was developed. The framework was used to create anonymised threat data which can be freely shared. In its current form the framework matches the needs of Hoxhunt. The framework demonstrates a standardised approach for anonymizing threat data and, owing to its simple and flexible implementation, can easily be adapted to suit the needs of different organisations.