The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges

Thomas, Kurt; Amira, Rony; Ben-Yoash, Adi; Folger, Ori; Hardon, Amir; Berger, Ari; Bursztein, Elie; Bailey, Michael

doi:10.1007/978-3-319-45719-2_7

Cited by 7 publications

(3 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly, in STIX 2, each data source possesses a significant number of uniquely shared STIX objects not found in other data sources. These results are consistent with previous work showing that most data in threat intelligence feeds are unique [41], [68], [26].…”

Section: Data Duplicationsupporting

confidence: 93%

Sharing cyber threat intelligence: Does it really help?

Jin,

Kim,

Lee

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

The sharing of Cyber Threat Intelligence (CTI) across organizations is gaining traction, as it can automate threat analysis and improve security awareness. However, limited empirical studies exist on the prevalent types of cybersecurity threat data and their effectiveness in mitigating cyber attacks. We propose a framework named CTI-Lense to collect and analyze the volume, timeliness, coverage, and quality of Structured Threat Information eXpression (STIX) data, a de facto standard CTI format, from a list of publicly available CTI sources. We collected about 6 million STIX data objects from October 31, 2014 to April 10, 2023 from ten data sources and analyzed their characteristics. Our analysis reveals that STIX data sharing has steadily increased in recent years, but the volume of STIX data shared is still relatively low to cover all cyber threats. Additionally, only a few types of threat data objects have been shared, with malware signatures and URLs accounting for more than 90% of the collected data. While URLs are usually shared promptly, with about 72% of URLs shared earlier than or on the same day as VirusTotal, the sharing of malware signatures is significantly slower. Furthermore, we found that 19% of the Threat actor data contained incorrect information, and only 0.09% of the Indicator data provided security rules to detect cyber attacks. Based on our findings, we recommend practical considerations for effective and scalable STIX data sharing among organizations.

show abstract

Section: Data Duplicationsupporting

confidence: 93%

Sharing cyber threat intelligence: Does it really help?

Jin,

Kim,

Lee

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…The benefits of the sharing economy with low prices, labor flexibility, and demand-driven transactions are reflected in the opposite pole: low wages, tax evasion, lack of social security rights, and regulatory uncertainty regarding requisite insurance, food, and fire safety (Ranchordás 2016). The sharing economy can also generate internet fraud, requiring special regulation and monitoring (Thomas et al 2016). Corporations that use the sharing economy model also face obstacles.…”

Section: Cooperation and Non-cooperation In The Sharing Economymentioning

confidence: 99%

Development of Regulatory Strategies in the Sharing Economy: The Application of Game Theory

Veretennikova,

Selezneva

2023

Economies

View full text Add to dashboard Cite

Regulating the sharing economy is one of the most important aspects in the development of a business model that has developed rapidly due to the widespread adoption of digital technologies and is closely linked to the fast pace of institutional changes. The present study aims to develop strategies for regulating the sharing economy through the application of game theory. The authors identify common cooperative and non-cooperative strategies in the interaction of two participants: the state and the company. The matrix of strategies is based on the results of the analysis, which considers the interaction benefits, costs, and the positive and negative effects of this process. These strategies are exemplified in scenarios of interaction between the state and the sharing economy company in relation to three possible problems: environmental pollution, parking deficiency, and budget deficit. Furthermore, the study presents a comprehensive payoff matrix and provides a description of various sustainable and long-term scenarios. It also highlights the key parameters that should be taken into account when selecting a behavioral strategy for economic agents. In addition, the study establishes that supporting industries and projects of the sharing economy, as well as creating conditions or attracting investments, increasing public trust in government and business, and involving various social groups in resolving social problems are essential elements in the harmonious development of the sharing economy. These elements contribute to its potential to raise living standards. The practical significance of this study lies in the possibility of applying its results in the implementation of social and ecological objectives through the advancement of sharing economy initiatives.

show abstract

“…They show, for example, that the lists are changing quickly and that even the geographic distribution of malicious IP addresses around the world is highly nonuniform. Another characteristics are shown in [17], where authors analyze lists of IP addresses reported as malicious by various Google services. For example, they show that 1 % of the most active malign IP addresses are responsible for 48-82 % of all attacks (depending on the service attacked).…”

Section: Evaluating Reputation Of Network Entitiesmentioning

confidence: 99%

Network entity characterization and attack prediction

Bartoš

Žádník

Habib

et al. 2019

Future Generation Computer Systems

View full text Add to dashboard Cite

The devastating effects of cyber-attacks, highlight the need for novel attack detection and prevention techniques. Over the last years, considerable work has been done in the areas of attack detection as well as in collaborative defense. However, an analysis of the state of the art suggests that many challenges exist in prioritizing alert data and in studying the relation between a recently discovered attack and the probability of it occurring again. In this article, we propose a system that is intended for characterizing network entities and the likelihood that they will behave maliciously in the future. Our system, namely Network Entity Reputation Database System (NERDS), takes into account all the available information regarding a network entity (e. g. IP address) to calculate the probability that it will act maliciously. The latter part is achieved via the utilization of machine learning. Our experimental results show that it is indeed possible to precisely estimate the probability of future attacks from each entity using information about its previous malicious behavior and other characteristics. Ranking the entities by this probability has practical applications in alert prioritization, assembly of highly effective blacklists of a limited length and other use cases.

show abstract

The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges

Cited by 7 publications

References 18 publications

Sharing cyber threat intelligence: Does it really help?

Sharing cyber threat intelligence: Does it really help?

Development of Regulatory Strategies in the Sharing Economy: The Application of Game Theory

Network entity characterization and attack prediction

Contact Info

Product

Resources

About