The research topic is the design and development of an architecture and methodology for trusted threat intelligence sharing in the context of Security Analytics. The basic idea is to incorporate into our security analytics platform cyber-information coming from external sources (public and private) in order to prepare defenses in advance and be ready for an attack. It is crucial to take into consideration the trust and reputation of the different sources before applying this information, in order to prevent malicious nodes from feeding in wrong or misleading information. The assessment of the information has to bear in mind two different types of source provisioning:
- Information is handled by a single provider. In this case it is necessary to assess the trust in the source node, because the trust in the information it provides depends on it.
- Information provided is a compilation of different sources. In this case it is necessary to assess the different data, so the assessment has to be made individually for each data source provider.
We also contemplate providing information that results from our own analysis and activity to external sources.