ABSTRACT
In the past decade, the information security and threat landscape has grown significantly, making it difficult for a single defender to defend against all attacks at the same time. This has motivated information sharing, a paradigm in which threat indicators are shared within a community of trust to facilitate defenses. Standards for the representation, exchange, and consumption of indicators have been proposed in the literature, although several issues remain insufficiently addressed. In this paper, we take the position of rethinking information sharing for actionable intelligence, by highlighting various issues that deserve further exploration. We argue that information sharing can benefit from well-defined use models, threat models, well-understood risk established through measurement and robust scoring, well-understood and preserved privacy and quality of indicators, and robust mechanisms to avoid the free-riding behavior of selfish agents. We call for using the differential nature of data and community structures to optimize sharing designs and structures.