Threat intelligence sharing has become a cornerstone of cooperative and collaborative cybersecurity. Sources providing such data have become more widespread in recent years, ranging from public entities (driven by legislatorial changes) to commercial companies and open communities that provide threat intelligence in order to help organisations and individuals to better understand and assess the cyber threat landscape putting their systems at risk. Tool support to automatically process this information is emerging concurrently. It has been observed that the quality of information received by the sources varies significantly and that in order to assess the quality of a threat intelligence source it is not sufficient to only consider qualitative indications of the source itself, but it is necessary to monitor the data provided by the source continuously to be able to draw conclusions about the quality of information provided by a source. In this paper, we propose a methodology for evaluating cyber threat information sources based on quantitative parameters. The methodology aims to facilitate trust establishment to threat intelligence sources, based on a weighted evaluation method that allows each entity to adapt it to its own needs and priorities. The approach facilitates automated tools utilising threat intelligence, since information to be considered can be prioritised based on which source is trusted the most at the time the intelligence arrives.

Top