Orchestrating Collaborative Cybersecurity: A Secure Framework for Distributed Privacy-Preserving Threat Intelligence Sharing

Cyber Threat Intelligence (CTI) sharing is an important activity to reduce information asymmetries between attackers and defenders. However, this activity presents challenges due to the tension between data sharing and confidentiality, that result in information retention often leading to a free-rider problem. Therefore, the information that is shared represents only the tip of the iceberg. Current literature assumes access to centralized databases containing all the information, but this is not always feasible, due to the aforementioned tension. This results in unbalanced or incomplete datasets, requiring the use of techniques to expand them; we show how these techniques lead to biased results and misleading performance expectations. We propose a novel framework for extracting CTI from distributed data on incidents, vulnerabilities and indicators of compromise, and demonstrate its use in several practical scenarios, in conjunction with the Malware Information Sharing Platforms (MISP). Policy implications for CTI sharing are presented and discussed. The proposed system relies on an efficient combination of privacy enhancing technologies and federated processing. This lets organizations stay in control of their CTI and minimize the risks of exposure or leakage, while enabling the benefits of sharing, more accurate and representative results, and more effective predictive and preventive defenses.


Privacy-preserving and Trusted Threat Intelligence Sharing using Distributed Ledgers

Threat information sharing is considered as one of the proactive defensi...

Taxonomy driven indicator scoring in MISP threat intelligence platforms

IT security community is recently facing a change of trend from closed t...

A Blockchain-Enabled Incentivised Framework for Cyber Threat Intelligence Sharing in ICS

In recent years Industrial Control Systems (ICS) have been targeted incr...

Cybersecurity Information Exchange with Privacy (CYBEX-P) and TAHOE – A Cyberthreat Language

Cybersecurity information sharing (CIS) is envisioned to protect organiz...

Challenges and Opportunities of Blockchain for Cyber Threat Intelligence Sharing

The emergence of the Internet of Things (IoT) technology has caused a po...

Accuracy and Privacy Evaluations of Collaborative Data Analysis

Distributed data analysis without revealing the individual data has rece...

Designing a Trusted Data Brokerage Framework in the Aviation Domain

In recent years, there is growing interest in the ways the European avia...

Please sign up or login with your details

Forgot password? Click here to reset