Rethinking information sharing for threat intelligence

Proceedings of the fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies Pub Date : 2017-10-14 DOI:10.1145/3132465.3132468

Aziz Mohaisen, Omar Al-Ibrahim, C. Kamhoua, K. Kwiat, L. Njilla

{"title":"Rethinking information sharing for threat intelligence","authors":"Aziz Mohaisen, Omar Al-Ibrahim, C. Kamhoua, K. Kwiat, L. Njilla","doi":"10.1145/3132465.3132468","DOIUrl":null,"url":null,"abstract":"In the past decade, the information security and threat landscape has grown significantly making it difficult for a single defender to defend against all attacks at the same time. This called for introducing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators are proposed in the literature, although various issues are undermined. In this paper, we take the position of rethinking information sharing for actionable intelligence, by highlighting various issues that deserve further exploration. We argue that information sharing can benefit from well-defined use models, threat models, well-understood risk by measurement and robust scoring, well-understood and preserved privacy and quality of indicators and robust mechanism to avoid free riding behavior of selfish agents. We call for using the differential nature of data and community structures for optimizing sharing designs and structures.","PeriodicalId":411240,"journal":{"name":"Proceedings of the fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3132465.3132468","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 17

Abstract

In the past decade, the information security and threat landscape has grown significantly making it difficult for a single defender to defend against all attacks at the same time. This called for introducing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators are proposed in the literature, although various issues are undermined. In this paper, we take the position of rethinking information sharing for actionable intelligence, by highlighting various issues that deserve further exploration. We argue that information sharing can benefit from well-defined use models, threat models, well-understood risk by measurement and robust scoring, well-understood and preserved privacy and quality of indicators and robust mechanism to avoid free riding behavior of selfish agents. We call for using the differential nature of data and community structures for optimizing sharing designs and structures.

查看原文本刊更多论文

重新思考威胁情报的信息共享

在过去的十年中，信息安全和威胁形势显著增长，使得单个防御者难以同时防御所有攻击。这需要引入信息共享，即在信任社区中共享威胁指标以促进防御的范例。文献中提出了指标的代表性、交换和消费标准，尽管各种问题都受到了破坏。在本文中，我们通过强调值得进一步探索的各种问题，采取重新思考可操作情报信息共享的立场。我们认为，信息共享可以受益于定义良好的使用模型、威胁模型、通过测量和稳健的评分来充分理解风险、充分理解和保护指标的隐私和质量以及稳健的机制来避免自私主体的搭便车行为。我们呼吁利用数据和社区结构的差异性来优化共享设计和结构。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies

自引率

0.00%

发文量