A Novel Trust Taxonomy for Shared Cyber Threat Intelligence

Wagner, Thomas D.; Palomar, Esther; Mahbub, Khaled; Abdallah, Ali E.

doi:10.1155/2018/9634507

Cited by 24 publications

(9 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Applying privacy preserving mechanisms introduces a trade-off between the effectiveness of the process of information sharing and compliance with privacy preserving guidelines and policies [10], [11]. Moreover, trustworthiness of a CTI source is evaluated in the studies of [12], [13] in the aim of providing a more rigorous trust-model.…”

Section: A Cti Quality and Trustmentioning

confidence: 99%

See 1 more Smart Citation

Trust and Quality Computation for Cyber Threat Intelligence Sharing Platforms

Mavzer

Konieczná

Alves

et al. 2021

2021 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

Information sharing has been considered a critical solution against the ever-increasing complexity of cyber-attacks. In this effort Cyber Threat Intelligence is undergoing a process of increasing its maturity levels. The quantification of the quality of shared information and the assessment of trust amongst information sharing entities is an important part of the process. The Trust and Quality Tool has been designed as a tool with the aim of improving the trust in the relevancy of shared information by enabling an option to assess its trustworthiness and defining a set of metrics for trust and quality.

show abstract

Section: A Cti Quality and Trustmentioning

confidence: 99%

“…There are several approaches to determine Trust, further described in [12]. To the best of our knowledge, the TISPs that are mentioned in this study do not establish trust using automated mechanisms.…”

Section: A Cti Quality and Trustmentioning

confidence: 99%

Trust and Quality Computation for Cyber Threat Intelligence Sharing Platforms

Mavzer

Konieczná

Alves

et al. 2021

2021 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

show abstract

“…CTI systems formalize and classify cyber threat patterns to increase the understanding of cyber threats. In [15], the types of CTI data in terms of data sharing are categorized. The CTI system can use the kill-chain model [16] as a threat response technique that formalizes cyber threat stages and uses optimal countermeasures for each attack phase.…”

Section: State Of the Artmentioning

confidence: 99%

BLOCIS: Blockchain-Based Cyber Threat Intelligence Sharing Framework for Sybil-Resistance

Gong

Lee

2020

Electronics

View full text Add to dashboard Cite

The convergence of fifth-generation (5G) communication and the Internet-of-Things (IoT) has dramatically increased the diversity and complexity of the network. This change diversifies the attacker’s attack vectors, increasing the impact and damage of cyber threats. Cyber threat intelligence (CTI) technology is a proof-based security system which responds to these advanced cyber threats proactively by analyzing and sharing security-related data. However, the performance of CTI systems can be significantly compromised by creating and disseminating improper security policies if an attacker intentionally injects malicious data into the system. In this paper, we propose a blockchain-based CTI framework that improves confidence in the source and content of the data and can quickly detect and eliminate inaccurate data for resistance to a Sybil attack. The proposed framework collects CTI by a procedure validated through smart contracts and stores information about the metainformation of data in a blockchain network. The proposed system ensures the validity and reliability of CTI data by ensuring traceability to the data source and proposes a system model that can efficiently operate and manage CTI data in compliance with the de facto standard. We present the simulation results to prove the effectiveness and Sybil-resistance of the proposed framework in terms of reliability and cost to attackers.

show abstract

“…In [20], the authors evaluate current standards, ontologies, and taxonomies for CTI sharing. Wagner et al [21] define a trust taxonomy of shared cyber threat intelligence, analyzing 30 threat intelligence platforms and providers according to their trust functionalities. Most solutions do not allow direct external connection or allow this with manual trust establishment among organizations.…”

Section: Related Workmentioning

confidence: 99%

Distributed Security Framework for Reliable Threat Intelligence Sharing

Preuveneers

Joosen

Bernabé

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

Computer security incident response teams typically rely on threat intelligence platforms for information about sightings of cyber threat events and indicators of compromise. Other security building blocks, such as Network Intrusion Detection Systems, can leverage the information to prevent malicious adversaries from spreading malware across critical infrastructures. The effectiveness of threat intelligence platforms heavily depends on the willingness to share among organizations and the responsible use of sensitive information that may potentially harm the reputation of the reporting organization. The challenge that we address is the lack of trust in the source providing the threat intelligence and the information itself. We enhance our security framework TATIS—offering fine-grained protection for threat intelligence platform APIs—with distributed ledger capabilities to enable reliable and trustworthy threat intelligence sharing with the ability to audit the provenance of threat intelligence. We have implemented and evaluated the feasibility of our distributed framework on top of the Malware Information Sharing Platform (MISP) solution, and we evaluate the performance impact using real-world open-source threat intelligence feeds.

show abstract

A Novel Trust Taxonomy for Shared Cyber Threat Intelligence

Cited by 24 publications

References 10 publications

Trust and Quality Computation for Cyber Threat Intelligence Sharing Platforms

Trust and Quality Computation for Cyber Threat Intelligence Sharing Platforms

BLOCIS: Blockchain-Based Cyber Threat Intelligence Sharing Framework for Sybil-Resistance

Distributed Security Framework for Reliable Threat Intelligence Sharing

Contact Info

Product

Resources

About