A Data Mining Based System for Automating Creation of Cyber Threat Intelligence


Creative Commons License

Acar S., Arıkan S. M.

International Symposium on Digital Forensics and Security, Elazığ, Türkiye, 28 - 29 June 2021, p.14

  • Publication Type: Conference Paper / Abstract Paper
  • City of Publication: Elazığ
  • Country of Publication: Türkiye
  • Page Numbers: p.14
  • Gazi University Affiliated: Yes

Abstract

In this study, since creating cyber threat intelligence (CTI) is a laborious task, a system that facilitates the generation of CTI with data mining techniques is proposed. With the system, live or saved traffic records can be classified according to the learned attack types, and CTI can be generated automatically in a standard format. The system can update its training set with new attack types by having unknown attacks identified by expert opinion. The proposed system was designed on the basis of a literature survey. The modules of the system were developed in line with this design, and the knowledge discovery in databases process, including its algorithms, was implemented. To verify the system's performance, it was shown that the results of the studies in the literature and the accuracy obtained with the Weka tool, which has proven its reliability in data mining, are similar to the results of the proposed system. Then, how current the attack types in the chosen dataset are was analyzed. As a case study for the application of the proposed system, traffic was recorded by attracting attackers with honeypot systems on a server exposed to the internet for 24 hours, and CTI was generated from these records. It was shown that the proposed system can easily be used to generate CTI successfully.