Rethinking information sharing for threat intelligence

Mohaisen, Aziz; Alibrahim, Omar; Kamhoua, Charles A.; Kwiat, Kevin; Njilla, Laurent

doi:10.1145/3132465.3132468

Cited by 19 publications

(19 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Internal information may include e-mail addresses, names, and other PII. CTI that was intercepted by an adversary could be used to attack stakeholders who have not yet patched their system [50,51]. Every shared information should have a risk calculation according to its sensitivity and impact.…”

Section: Risks Of Sharing Ctimentioning

confidence: 99%

See 1 more Smart Citation

Cyber threat intelligence sharing: Survey and research directions

Wagner

Mahbub

Palomar

et al. 2019

Computers & Security

154

View full text Add to dashboard Cite

Cyber Threat Intelligence (CTI) sharing has become a novel weapon in the arsenal of cyber defenders to proactively mitigate increasing cyber attacks. Automating the process of CTI sharing, and even the basic consumption, has raised new challenges for researchers and practitioners. This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence. The motivation for this research stems from the recent emergence of sharing cyber threat intelligence and the involved challenges of automating its processes. This work comprises a considerable amount of articles from academic and gray literature, and focuses on technical and non-technical challenges. Moreover, the findings reveal which topics were widely discussed, and hence considered relevant by the authors and cyber threat intelligence sharing communities.

show abstract

Section: Risks Of Sharing Ctimentioning

confidence: 99%

“…The Quality may be evaluated by the correctness, relevance, timeliness, usefulness, and uniqueness [50]. Furthermore, a member of the CTI sharing community who has always shared useful and timely information may be labeled as a quality stakeholder [51].…”

Section: Actionable Cyber Threat Intelligencementioning

confidence: 99%

Cyber threat intelligence sharing: Survey and research directions

Wagner

Mahbub

Palomar

et al. 2019

Computers & Security

154

View full text Add to dashboard Cite

show abstract

“…Dandurand et al [13] defined requirements for the exchange of information, emphasizing the necessity of assuring data integrity and availability, which is also supported by the work of Brown et al [14]. Mohaisen et al pointed out various open research questions in that field, such as possible dangers and negative incentives that may relate to the exchange of CTI [15]. In addition to this, there are also works that deal with specific implementations of CTI platforms, such as the MISP platform by Wagner et al [8].…”

Section: Related Workmentioning

confidence: 99%

DEALER: decentralized incentives for threat intelligence reporting and exchange

Menges

Putz

Pernul

2020

Int. J. Inf. Secur.

View full text Add to dashboard Cite

The exchange of threat intelligence information can make a significant contribution to improving IT security in companies and has become increasingly important in recent years. However, such an exchange also entails costs and risks, preventing many companies from participating. In addition, since legal reporting requirements were introduced in various countries, certain requirements must be taken into account in the exchange process. However, existing exchange platforms neither offer incentives to participate in the exchange process, nor fulfill requirements resulting from reporting obligations. With this work, we present a decentralized platform for the exchange of threat intelligence information. The platform supports the fulfillment of legal reporting obligations for security incidents and provides additional incentives for information exchange between the parties involved. We evaluate the platform by implementing it based on the EOS blockchain and IPFS distributed hash table. The prototype and cost measurements demonstrate the feasibility and cost-efficiency of our concept.

show abstract

“…Another example is presented in De Fuentes et al (2016), which proposes a protocol that provides privacy-preserving and agreeable cybersecurity information sharing, by leveraging existing format-preserving and homomorphic encryption techniques and adapting them to the particularities of standard message formats, such as the previous mentioned STIX. Finally, issues associated to the realization of an efficient and effective information sharing paradigms for actionable intelligence have been studied, focusing also on architectural solutions for ensuring privacy, considering many different standards for representing cyber threat information (Mohaisen et al 2017).…”

Section: Secure and Privacy-aware Information Sharingmentioning

confidence: 99%

Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

Mouratidis

Kalogeraki

2020

Evolving Systems

View full text Add to dashboard Cite

In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks and and it guides them to handle effectively cyber incidents. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE is described with the aid of a set of cyber-attack scenarios.

show abstract

Rethinking information sharing for threat intelligence

Cited by 19 publications

References 39 publications

Cyber threat intelligence sharing: Survey and research directions

Cyber threat intelligence sharing: Survey and research directions

DEALER: decentralized incentives for threat intelligence reporting and exchange

Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

Contact Info

Product

Resources

About