Implementation of Cyber Threat Intelligence on Intrusion Detection System using STIX Framework

Yesta Medya Mahardhika, Ferry Astika Saputra, Iwan Syarif, Prasetyo Wibowo, Misbahul Ardhani

Abstract


Cyber threats are complex and diverse issues, and new types of threat emerge daily on the internet. In this research, we propose a new Cyber Threat Intelligence platform to deal with these challenges, using Snort as the tool for detecting anonymous network traffic and STIX as the serialization format and standardization of Cyber Threat Intelligence data. The resulting Snort-based Cyber Threat Intelligence platform uses Apache Spark as the processing engine, MongoDB as the database, and STIX as the serialization format and data standard. We test our platform with two data sources, the CIC-IDS2017 dataset and real traffic. We successfully converted the Snort alerts to STIX format and visualized them as a graph. The graph shows indications of suspicious network traffic, the country the attacker comes from, attribute information, and the attack pattern. The experiment shows that converting Snort data to STIX requires considerable time as the amount of data processed grows: real traffic needs 16 seconds of data preprocessing and 3 minutes of conversion time, while the PCAP needs 35 seconds of preprocessing time and 13 minutes of conversion time.
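As an added, standard-library-only illustration of the Snort-to-STIX conversion the abstract describes (this is not the authors' platform code): it parses one constructed Snort fast-format alert line and emits a STIX 2.1 bundle containing an Indicator for the source address, an Attack Pattern named after the Snort classification, and an "indicates" relationship linking them. The alert line, rule ID, addresses and timestamps are all constructed for the example.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed Snort "fast" alert line (RFC 5737 test addresses, local rule ID).
SAMPLE_ALERT = (
    "03/07-12:34:56.123456  [**] [1:1000001:1] LOCAL suspicious inbound connection "
    "[**] [Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 192.0.2.10:4444 -> 198.51.100.5:51234"
)

# Fields of the Snort fast format: [gid:sid:rev] msg [Classification] [Priority] {proto} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"\[Classification: (?P<classification>[^\]]+)\] \[Priority: (?P<priority>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse_alert(line):
    """Return the alert fields as a dict, or raise if the line is not a fast-format alert."""
    m = ALERT_RE.search(line)
    if not m:
        raise ValueError("not a Snort fast-format alert line")
    return m.groupdict()

def stix_id(kind):
    return f"{kind}--{uuid.uuid4()}"

def alert_to_stix(line, now=None):
    """Convert one Snort alert into a STIX 2.1 bundle: Indicator -> indicates -> Attack Pattern."""
    a = parse_alert(line)
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    common = {"spec_version": "2.1", "created": ts, "modified": ts}
    attack_pattern = {"type": "attack-pattern", "id": stix_id("attack-pattern"),
                      "name": a["classification"], **common}
    indicator = {"type": "indicator", "id": stix_id("indicator"), "name": a["msg"],
                 "indicator_types": ["malicious-activity"], "pattern_type": "stix",
                 # STIX pattern on the offending source address seen by Snort
                 "pattern": f"[ipv4-addr:value = '{a['src']}']", "valid_from": ts,
                 "external_references": [{"source_name": "snort",
                                          "external_id": f"{a['gid']}:{a['sid']}:{a['rev']}"}],
                 **common}
    relationship = {"type": "relationship", "id": stix_id("relationship"),
                    "relationship_type": "indicates", "source_ref": indicator["id"],
                    "target_ref": attack_pattern["id"], **common}
    return {"type": "bundle", "id": stix_id("bundle"),
            "objects": [indicator, attack_pattern, relationship]}

if __name__ == "__main__":
    print(json.dumps(alert_to_stix(SAMPLE_ALERT), indent=2))
```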



DOI: http://dx.doi.org/10.30811/jaise.v5i1.6518

The Journal of Artificial Intelligence and Software Engineering (JAISE) is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.