Towards modeling trust in Cyber Threat Intelligence


Cyber Threat Intelligence (CTI) is essential to cyber defense. It identifies potential threats to a computer system. This information is gathered by an agent through observation, or by using sources. It is then necessary to estimate the confidence in each piece of information gathered, taking into account the various dimensions that can make up confidence : reliability of the source, competence, plausibility of the information, credibility of the information, for example. The information gathered must then be aggregated to consolidate it. Progress has been made in the theory underlying the modeling of trust when it is multidimensional and potentially some of the values of the dimensions are indeterminate. Here, we present the problem of CTI and intelligence sharing, and the reasons why we are using a logic for a first implementation.