Litcius/Paper detail

Distributed Security Framework for Reliable Threat Intelligence Sharing

Davy Preuveneers, Wouter Joosen, Jorge Bernal Bernabé, Antonio Skármeta

2020Security and Communication Networks41 citationsDOIOpen Access PDF

Abstract

Computer security incident response teams typically rely on threat intelligence platforms for information about sightings of cyber threat events and indicators of compromise. Other security building blocks, such as Network Intrusion Detection Systems, can leverage the information to prevent malicious adversaries from spreading malware across critical infrastructures. The effectiveness of threat intelligence platforms heavily depends on the willingness to share among organizations and the responsible use of sensitive information that may potentially harm the reputation of the reporting organization. The challenge that we address is the lack of trust in the source providing the threat intelligence and the information itself. We enhance our security framework TATIS—offering fine-grained protection for threat intelligence platform APIs—with distributed ledger capabilities to enable reliable and trustworthy threat intelligence sharing with the ability to audit the provenance of threat intelligence. We have implemented and evaluated the feasibility of our distributed framework on top of the Malware Information Sharing Platform (MISP) solution, and we evaluate the performance impact using real-world open-source threat intelligence feeds.

Topics & Concepts

Computer scienceComputer securityReputationMalwareInformation sharingIntrusion detection systemInternet privacyWorld Wide WebSocial scienceSociologyAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionInformation and Cyber Security
Distributed Security Framework for Reliable Threat Intelligence Sharing | Litcius