Cybersecurity threat intelligence knowledge exchange based on blockchain

Proposal of a new incentive model based on blockchain and Smart contracts to foster the cyber threat and risk intelligence exchange of information

Telecommunication Systems

Abstract

Although cyber threat intelligence (CTI) exchange is a theoretically useful technique for improving the security of a society, potential participants are often reluctant to share their CTI and prefer only to consume it, at least in voluntary approaches. Such behavior destroys the idea of information exchange. On the other hand, governments are forcing specific entities and operators to report specific incidents to them depending on their impact; operators that do not report them on time could face sanctions. Obligations and sanctions usually discourage participants from sharing information voluntarily, so they share and report only what is strictly required. We propose a paradigm shift in cybersecurity information exchange by introducing a new way to encourage all participants involved, at all levels, to share relevant information dynamically. It will also contribute to the support and deployment of Dynamic Risk Management frameworks to keep risks under an acceptance level over time. Participants will have new and specific incentives to share, invest in and consume threat intelligence and risk intelligence information depending on their different roles (producers, consumers, investors, donors and owner). Our proposal leverages standards like Structured Threat Information Exchange, as well as W3C semantic web standards, to enable a workspace of knowledge related to behavioral threat intelligence patterning to characterize tactics, techniques and procedures. At the same time, we propose an Ethereum Blockchain Smart contract Marketplace to better incentivize the sharing of that knowledge between all parties involved, as well as creating a standard CTI token as a digital asset with a promising value in the market. Simulations and an experiment were performed to demonstrate its benefits and incentives, but also its potential limits with regard to storage and cost of transactions.

Author information

Correspondence to R. Riesco.

Ethics declarations

Conflict of interest

All authors declare that they do not have any conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

About this article

Cite this article

Riesco, R., Larriva-Novo, X. & Villagra, V.A. Cybersecurity threat intelligence knowledge exchange based on blockchain. Telecommun Syst 73, 259–288 (2020). https://doi.org/10.1007/s11235-019-00613-4

  • DOI: https://doi.org/10.1007/s11235-019-00613-4
