Course Description
Cyber threat intelligence (CTI) aims to provide valuable intelligence to help organizations be aware of and protect against cyber-attacks. This course provides students with a hands-on introduction to the fundamental concepts and tools of cyber threat intelligence.
Additional Requirements for Graduate Students:
In addition to the undergraduate requirements, graduate students will complete a paper that thoroughly analyzes and critiques a case study in cyber threat intelligence.
Athena Title
Cyber Threat Intelligence
Undergraduate Pre or Corequisite
MIST 4600 or MIST 4600E
Semester Course Offered
Offered fall and spring
Grading System
A - F (Traditional)
Course Objectives
Students will become familiar with the cyber threat intelligence lifecycle; identifying, collecting, and integrating intelligence feeds; common intelligence formats; and standard cyber threat intelligence technologies such as Collective Intelligence Frameworks (CIFs), Trusted Automated eXchange of Intelligence Information (TAXII), and Security Information and Event Management (SIEM). In addition to these traditional topics, this course will deliver cutting-edge cyber threat intelligence education by placing a heavy emphasis on the application and development of state-of-the-art Big Data, visualization, web mining, and machine learning techniques and technologies to bolster common cyber threat intelligence data sources and threat analytics. Students will gain significant experience in developing useful, actionable, and comprehensive cyber threat intelligence by creating a novel cyber threat intelligence platform that applies the aforementioned analytics techniques to traditional intelligence feed data and hacker community data sets (e.g., DarkNet marketplaces, hacker forums, IRC channels). Upon successful completion of this course, students will be able to recognize, describe, identify, discuss, explain, and implement cyber threat intelligence concepts and mechanisms from both technical and managerial perspectives within organizations.
Topical Outline
Topic 1: Cyber Threat Intelligence Introduction and Intelligence Strategy
• Fundamental cyber threat intelligence concepts and vocabulary
• Intelligence lifecycles
• Threat trending
• Critical asset identification
• Indicators of compromise (IoCs)
• Modeling threat scenarios for an organization (diamond modelling)
• Intelligence buy-in

Topic 2: Intelligence Collection, Aggregation, and Capabilities
• Identifying intelligence sources and feeds
• Collecting and aggregating open source intelligence using web mining techniques
• Collecting and aggregating internal intelligence
• Intelligence formats (e.g., STIX, TAXII, CybOX, MAEC, CAPEC)
• Setting up Collective Intelligence Framework (CIF) and Trusted Automated eXchange of Intelligence Information (TAXII) servers
• Security information and event management (SIEM)
• Big Data technologies (Hadoop and Spark) for CTI data aggregation and processing

Topic 3: Threat Analytics and Reporting
• Lockheed Martin cyber kill chain
• Internal and external hacker profiling and tracking
• Fundamental CTI analytics: summary statistics, event correlation, reputation, malware analysis, anomaly detection, forensics
• Threat analytics utilizing machine learning and text mining approaches
• Network science applications for cyber threat intelligence
• Threat data visualizations and dashboards

Topic 4: Operational Intelligence
• Actionable intelligence
• Courses of action
• Proactive defense
• Threat dissemination and intelligence sharing
• Intelligence strategy, process, and systems review
Syllabus