Privacy Preserving Cyber Threat Information Sharing and Learning for Cyber Defense

Badsha, Shahriar; Vakilinia, Iman; Sengupta, Shamik

doi:10.1109/ccwc.2019.8666477

Cited by 27 publications

(9 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The two open-source approaches that are suited to less digitally mature SMEs have a very specific goal. In the first, the authors create a spam filter based on open-source spam data, which can then be used by organisations to prevent spam from reaching employee inboxes [42]. The second approach also uses publicly available spam data, but this time it is connected to organisation IPs and used as a tool to confront companies with their security level [43].…”

Section: Literature Reviewmentioning

confidence: 99%

A Shared Cyber Threat Intelligence Solution for SMEs

Haastrecht

Golpur²,

Tzismadia³

et al. 2021

Electronics

View full text Add to dashboard Cite

Small- and medium-sized enterprises (SMEs) frequently experience cyberattacks, but often do not have the means to counter these attacks. Therefore, cybersecurity researchers and practitioners need to aid SMEs in their defence against cyber threats. Research has shown that SMEs require solutions that are automated and adapted to their context. In recent years, we have seen a surge in initiatives to share cyber threat intelligence (CTI) to improve collective cybersecurity resilience. Shared CTI has the potential to answer the SME call for automated and adaptable solutions. Sadly, as we demonstrate in this paper, current shared intelligence approaches scarcely address SME needs. We must investigate how shared CTI can be used to improve SME cybersecurity resilience. In this paper, we tackle this challenge using a systematic review to discover current state-of-the-art approaches to using shared CTI. We find that threat intelligence sharing platforms such as MISP have the potential to address SME needs, provided that the shared intelligence is turned into actionable insights. Based on this observation, we developed a prototype application that processes MISP data automatically, prioritises cybersecurity threats for SMEs, and provides SMEs with actionable recommendations tailored to their context. Subsequent evaluations in operational environments will help to improve our application, such that SMEs are enabled to thwart cyberattacks in future.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

A Shared Cyber Threat Intelligence Solution for SMEs

Haastrecht

Golpur²,

Tzismadia³

et al. 2021

Electronics

View full text Add to dashboard Cite

show abstract

“…Badsha et al [107] have proposed a new privacy-preserving user filtering protocol based on the locations where the users, who are not within a given region, can be eliminated. Recently, Badsha et al [108,109] have proposed a privacy-preserving collaborative cyber threat information sharing framework leveraging Homomorphic Encryption and content-centric network leveraging public key attribute-based encryption respectively.…”

Section: The Privacy-preserving Protocols and Mechanisms For Distribumentioning

confidence: 99%

A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research Issues

Kayes

Kalaria

Sarker

et al. 2020

Sensors

Self Cite

View full text Add to dashboard Cite

Over the last few decades, the proliferation of the Internet of Things (IoT) has produced an overwhelming flow of data and services, which has shifted the access control paradigm from a fixed desktop environment to dynamic cloud environments. Fog computing is associated with a new access control paradigm to reduce the overhead costs by moving the execution of application logic from the centre of the cloud data sources to the periphery of the IoT-oriented sensor networks. Indeed, accessing information and data resources from a variety of IoT sources has been plagued with inherent problems such as data heterogeneity, privacy, security and computational overheads. This paper presents an extensive survey of security, privacy and access control research, while highlighting several specific concerns in a wide range of contextual conditions (e.g., spatial, temporal and environmental contexts) which are gaining a lot of momentum in the area of industrial sensor and cloud networks. We present different taxonomies, such as contextual conditions and authorization models, based on the key issues in this area and discuss the existing context-sensitive access control approaches to tackle the aforementioned issues. With the aim of reducing administrative and computational overheads in the IoT sensor networks, we propose a new generation of Fog-Based Context-Aware Access Control (FB-CAAC) framework, combining the benefits of the cloud, IoT and context-aware computing; and ensuring proper access control and security at the edge of the end-devices. Our goal is not only to control context-sensitive access to data resources in the cloud, but also to move the execution of an application logic from the cloud-level to an intermediary-level where necessary, through adding computational nodes at the edge of the IoT sensor network. A discussion of some open research issues pertaining to context-sensitive access control to data resources is provided, including several real-world case studies. We conclude the paper with an in-depth analysis of the research challenges that have not been adequately addressed in the literature and highlight directions for future work that has not been well aligned with currently available research.

show abstract

“…Our approach is fully distributed as key management is handled in a distributed way by organizations sharing the data in a P2P manner, with federated authentication and access control support. Recently, Badsha et al [27] propose a privacy-preserving mechanism and protocol that employs homomorphic encryption to share aggregated CTI information (decision trees) across organizations through a central server that performs heavy homomorphic operations. e organizations are then able to learn the decision tree to make predictions or classifications on threat information, without disclosing private information.…”

Section: Related Workmentioning

confidence: 99%

Distributed Security Framework for Reliable Threat Intelligence Sharing

Preuveneers

Joosen

Bernabé

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

Computer security incident response teams typically rely on threat intelligence platforms for information about sightings of cyber threat events and indicators of compromise. Other security building blocks, such as Network Intrusion Detection Systems, can leverage the information to prevent malicious adversaries from spreading malware across critical infrastructures. The effectiveness of threat intelligence platforms heavily depends on the willingness to share among organizations and the responsible use of sensitive information that may potentially harm the reputation of the reporting organization. The challenge that we address is the lack of trust in the source providing the threat intelligence and the information itself. We enhance our security framework TATIS—offering fine-grained protection for threat intelligence platform APIs—with distributed ledger capabilities to enable reliable and trustworthy threat intelligence sharing with the ability to audit the provenance of threat intelligence. We have implemented and evaluated the feasibility of our distributed framework on top of the Malware Information Sharing Platform (MISP) solution, and we evaluate the performance impact using real-world open-source threat intelligence feeds.

show abstract

Privacy Preserving Cyber Threat Information Sharing and Learning for Cyber Defense

Cited by 27 publications

References 24 publications

A Shared Cyber Threat Intelligence Solution for SMEs

A Shared Cyber Threat Intelligence Solution for SMEs

A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research Issues

Distributed Security Framework for Reliable Threat Intelligence Sharing

Contact Info

Product

Resources

About