Vers une modélisation de la confiance dans le renseignement sur les menaces cyber

Abstract: Cyber threat intelligence (CTI) is essential for effective system defense. CTI is a collection of information about current or past threats to a computer system. This information is gathered by an agent through observation, or based on a set of sources. Building intelligence only makes sense if you have confidence in it. To achieve this, it is necessary to estimate the confidence in each piece of information gathered, taking into account the different dimensions that can make it up: reliability of the source, competence, plausibility of the information, credibility of the information, for example. The information gathered must then be combined with other information to consolidate an agent's knowledge. Recent advances have been made in the theory underlying the modeling of trust for decision-making based on uncertain information, notably by using multivalued logic. This approach makes it possible to deal with unknown values of trust-building parameters, or to easily integrate dimensions. In this article we present the problem of CTI and CTI information sharing, and the reasons that led us to use a logic-based solution for an initial implementation.