Rethinking information sharing for threat intelligence

In the past decade, the information security and threat landscape has grown significantly, making it difficult for a single defender to defend against all attacks at the same time. This has motivated information sharing, a paradigm in which threat indicators are shared within a community of trust to facilitate defenses. Standards for the representation, exchange, and consumption of indicators have been proposed in the literature, although various issues remain underexplored. In this paper, we take the position of rethinking information sharing for actionable intelligence by highlighting several issues that deserve further exploration. We argue that information sharing can benefit from well-defined use models and threat models; risk that is well understood through measurement and robust scoring; well-understood and preserved privacy and quality of indicators; and robust mechanisms to discourage free-riding behavior by selfish agents. We call for using the differential nature of data and community structures to optimize sharing designs and structures.
