Foundations of Threat Intelligence Metrics

Abstract

Current threat intelligence markets lack transparency and are driven by marketing departments rather than empirical evidence. The investigators will develop THREAT INTELLIGENCE METRICS, tools and techniques for measuring the value of a threat intelligence source to an enterprise or its fitness for a particular purpose. The work will develop four kinds of metrics: TECHNICAL METRICS, based on absolute qualities of the threat intelligence source; COMPARATIVE METRICS, which allow a user to compare one threat intelligence source to similar sources; OPERATIONAL METRICS, which measure the operational value of a source; and RISK METRICS, which assess the predictive value of threat intelligence in assessing organizational risk. These metrics will increase intelligence market transparency by allowing users to compare different threat intelligence products reliably. The risk metrics will allow cyber insurance underwriters to evaluate cyber risk more effectively, leading to less costly and more effective risk management tools for organizations.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2021
Accession Number
AD1153038

Entities

People

  • Kirill Levchenko

Organizations

  • University of California, San Diego

Tags

DTIC Thesaurus Topics

  • Accuracy
  • Air Force
  • Air Force Research Laboratories
  • Anti-Virus Software
  • Command And Control
  • Cyber Threats
  • Cybersecurity
  • Data Sets
  • Electronic Mail
  • Government Procurement
  • Governments
  • Information Retrieval
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Protocols
  • Operating Systems
  • Routing Protocols
  • Standards
  • United States

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity
  • Economics
  • Software Engineering

Technology Areas

  • Cyber