Graph-based visual analytics for cyber threat intelligence
Cybersecurity (IF 3.9), Pub Date: 2018-12-01, DOI: 10.1186/s42400-018-0017-4
Fabian Böhm, Florian Menges, Günther Pernul

The ever-increasing amount of major security incidents has led to an emerging interest in cooperative approaches to encounter cyber threats. To enable cooperation in detecting and preventing attacks it is an inevitable necessity to have structured and standardized formats to describe an incident. Corresponding formats are complex and of an extensive nature as they are often designed for automated processing and exchange. These characteristics hamper the readability and, therefore, prevent humans from understanding the documented incident. This is a major problem since the success and effectiveness of any security measure rely heavily on the contribution of security experts. To meet these shortcomings we propose a visual analytics concept enabling security experts to analyze and enrich semi-structured cyber threat intelligence information. Our approach combines an innovative way of persisting this data with an interactive visualization component to analyze and edit the threat information. We demonstrate the feasibility of our concept using the Structured Threat Information eXpression, the state-of-the-art format for reporting cyber security issues.

Updated: 2018-12-01