JIS  Vol.10 No.4 , October 2019
Research on University’s Cyber Threat Intelligence Sharing Platform Based on New Types of STIX and TAXII Standards
Abstract: With the systematization of cyber threats, the variety of intrusion tools and intrusion methods has greatly reduced the cost of attackers’ threats to network security. Due to a large number of colleges and universities, teachers and students are highly educated and the Internet access rate is nearly 100%. The social status makes the university network become the main target of threat. The traditional defense method cannot cope with the current complex network attacks. In order to solve this problem, the threat intelligence sharing platform based on various threat intelligence sharing standards is established, which STIX and TAXII It is a widely used sharing standard in various sharing platforms. This paper analyzes the existing standards of STIX and TAXII, improves the STIX and TAXII standards based on the analysis results, and proposes a new type of STIX and TAXII based on the improved results. The standard design scheme of threat intelligence sharing platform suitable for college network environment features. The experimental results show that the threat intelligence sharing platform designed in this paper can be effectively applied to the network environment of colleges and universities.
Cite this paper: Wang, G. , Huo, Y. and Ma, Z. (2019) Research on University’s Cyber Threat Intelligence Sharing Platform Based on New Types of STIX and TAXII Standards. Journal of Information Security, 10, 263-277. doi: 10.4236/jis.2019.104015.

[1]   Ministry of Education of the People’s Republic of China (2019) 2019 National Higher Education List.

[2]   Yang, Z.-M., Li, Q., Liu, J.-R., et al. (2015) Research on Threat Intelligence Sharing and Utilization for Attack Source Tracing. Information Security Research, 1, 31-36.

[3]   Thomas, R.K., et al. (2019) System and Method for Modeling and Analyzing the Impact of Cyber-Security Events on Cyber-Physical Systems. U.S. Patent Application No. 15/264,028.

[4]   Xu, L.-P. and Hao, W.-J. (2016) The Status Quo of Threat Intelligence in US Government and Enterprise Networks and Its Enlightenment to China. Information Network Security, No. 9, 278-284.

[5]   Elchin, A. and Burger, E. (2016) Semantic Ontologies for Cyber Threat Sharing Standards. 2016 IEEE Symposium on Technologies for Homeland Security, Waltham, MA, 10-11 May 2016, 1-6.

[6]   Gong, Y. (2017) Research on Threat Intelligence Usage and Sharing Method. Chinese Computer Society. Proceedings of the 32nd National Computer Security Academic Exchange Conference, 4.

[7]   Liu, Y., Zhang, H.-F., Zhang, L., et al. (2018) Study on a Penetration Testing Collaboration Scheme Based on STIX Information Interaction. Information Technology and Network Security, 37, 1-5.

[8]   Kim, E., Kim, K., Shin, D., Jin, B. and Kim, H. (2018) CyTIME: Cyber Threat Intelligence ManagEment Framework for Automatically Generating Security Rules. Proceedings of the 13th International Conference on Future Internet Technologies, Seoul, 20-22 June 2018, Article No. 7.

[9]   Haass, J.C., Ahn, G.-J. and Grimmelmann, F. (2015) ACTRA: A Case Study for Threat Information Sharing. Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security, Denver, CO, 12 October 2015, 23-26.

[10]   Frank, F., Smulders, A. and Kerkdijk, R. (2015) Cyber Security Information Exchange to Gain Insight into the Effects of Cyber Threats and Incidents. e & i Elektrotechnik und Informationstechnik, 132, 106-112.

[11]   Bedini, I., Matheus, C., Boran, A., Patel-Schneider, P.F. and Nguyen, B. (2011) Transforming XML Schema to OWL Using Patterns. 2011 IEEE 5th International Conference on Semantic Computing, Palo Alto, CA, 18-21 September 2011, 102-109.

[12]   Connolly, J., Davidson, M. and Schmidt, C. (2014) The Trusted Automated Exchange of Indicator Information (Taxii). The MITRE Corporation, Bedford, MA, 1-20.

[13]   Fette, I. and Melnikov, A. (2011) The Websocket Protocol.

[14]   Dunkels, A. (2001) Design and Implementation of the lwIP TCP/IP Stack. Swedish Institute of Computer Science, 2, 77.

[15]   Attack, Cross Site Scripting (2014) Audit Your Website Security with Acunetix Web Vulnerability Scanner.

[16]   Daud, N.I., Abu Bakar, K.A. and Md Hasan, M.S. (2014) A Case Study on Web Application Vulnerability Scanning Tools. 2014 Science and Information Conference, London, 27-29 August 2014, 595-600.

[17]   Wichers, D. (2013) Owasp Top-10 2013. OWASP Foundation.