多领域实体协同防御的网络威胁情报共享

IF 7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI:10.1109/TDSC.2022.3214423

Soumya Purohit, R. Neupane, Naga Ramya Bhamidipati, Varsha Vakkavanthula, Songjie Wang, Matthew Rockey, P. Calyam

{"title":"多领域实体协同防御的网络威胁情报共享","authors":"Soumya Purohit, R. Neupane, Naga Ramya Bhamidipati, Varsha Vakkavanthula, Songjie Wang, Matthew Rockey, P. Calyam","doi":"10.1109/TDSC.2022.3214423","DOIUrl":null,"url":null,"abstract":"Cloud-hosted applications are prone to targeted attacks such as DDoS, advanced persistent threats, Cryptojacking which threaten service availability. Recently, methods for threat information sharing and defense require cooperation and trust between multiple domains/entities. There is a need for mechanisms that establish distributed trust to allow for such a collective defense. In this paper, we present a novel threat intelligence sharing and defense system, namely “DefenseChain,” to allow organizations to have incentive-based and trustworthy cooperation to mitigate the impact of cyber attacks. Our solution approach features a consortium Blockchain platform and an economic model to obtain threat data and select suitable peers to help with attack detection and mitigation. We apply DefenseChain in the financial technology industry for an insurance claim processing use case to demonstrate the effectiveness of DefenseChain in a real-world application setting. Our evaluation experiments with DefenseChain implementation are performed on an Open Cloud testbed with Hyperledger Composer and in a simulation environment. Our results show that the DefenseChain system overall performs better than state-of-the-art decision making schemes in choosing the most appropriate detector and mitigator peers. Lastly, we validate how DefenseChain helps mitigate the threat risk of incidents relating to potential fraudulent insurance claims or cyber attacks.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4273-4290"},"PeriodicalIF":7.0000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Cyber Threat Intelligence Sharing for Co-Operative Defense in Multi-Domain Entities\",\"authors\":\"Soumya Purohit, R. Neupane, Naga Ramya Bhamidipati, Varsha Vakkavanthula, Songjie Wang, Matthew Rockey, P. Calyam\",\"doi\":\"10.1109/TDSC.2022.3214423\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud-hosted applications are prone to targeted attacks such as DDoS, advanced persistent threats, Cryptojacking which threaten service availability. Recently, methods for threat information sharing and defense require cooperation and trust between multiple domains/entities. There is a need for mechanisms that establish distributed trust to allow for such a collective defense. In this paper, we present a novel threat intelligence sharing and defense system, namely “DefenseChain,” to allow organizations to have incentive-based and trustworthy cooperation to mitigate the impact of cyber attacks. Our solution approach features a consortium Blockchain platform and an economic model to obtain threat data and select suitable peers to help with attack detection and mitigation. We apply DefenseChain in the financial technology industry for an insurance claim processing use case to demonstrate the effectiveness of DefenseChain in a real-world application setting. Our evaluation experiments with DefenseChain implementation are performed on an Open Cloud testbed with Hyperledger Composer and in a simulation environment. Our results show that the DefenseChain system overall performs better than state-of-the-art decision making schemes in choosing the most appropriate detector and mitigator peers. Lastly, we validate how DefenseChain helps mitigate the threat risk of incidents relating to potential fraudulent insurance claims or cyber attacks.\",\"PeriodicalId\":13047,\"journal\":{\"name\":\"IEEE Transactions on Dependable and Secure Computing\",\"volume\":\"20 1\",\"pages\":\"4273-4290\"},\"PeriodicalIF\":7.0000,\"publicationDate\":\"2023-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Dependable and Secure Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1109/TDSC.2022.3214423\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Dependable and Secure Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/TDSC.2022.3214423","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 3

摘要

云托管应用程序容易受到DDoS、高级持久性威胁、Cryptojacking等有针对性的攻击，从而威胁服务可用性。最近，威胁信息共享和防御方法需要多个域/实体之间的合作和信任。需要建立分布式信任的机制来实现这种集体防御。在本文中，我们提出了一种新的威胁情报共享和防御系统，即“防御链”，使组织能够进行基于激励和值得信赖的合作，以减轻网络攻击的影响。我们的解决方案方法采用联盟区块链平台和经济模型，以获取威胁数据并选择合适的对等方来帮助检测和缓解攻击。我们将DefenseChain应用于金融科技行业的保险索赔处理用例，以展示DefenseChan在现实应用环境中的有效性。我们对DefenseChain实现的评估实验是在Hyperledger Composer的开放云测试台上和模拟环境中进行的。我们的结果表明，在选择最合适的检测器和缓解对等体方面，DefenseChain系统总体上比最先进的决策方案表现更好。最后，我们验证了DefenseChain如何帮助降低与潜在欺诈性保险索赔或网络攻击有关的事件的威胁风险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Cyber Threat Intelligence Sharing for Co-Operative Defense in Multi-Domain Entities

Cloud-hosted applications are prone to targeted attacks such as DDoS, advanced persistent threats, Cryptojacking which threaten service availability. Recently, methods for threat information sharing and defense require cooperation and trust between multiple domains/entities. There is a need for mechanisms that establish distributed trust to allow for such a collective defense. In this paper, we present a novel threat intelligence sharing and defense system, namely “DefenseChain,” to allow organizations to have incentive-based and trustworthy cooperation to mitigate the impact of cyber attacks. Our solution approach features a consortium Blockchain platform and an economic model to obtain threat data and select suitable peers to help with attack detection and mitigation. We apply DefenseChain in the financial technology industry for an insurance claim processing use case to demonstrate the effectiveness of DefenseChain in a real-world application setting. Our evaluation experiments with DefenseChain implementation are performed on an Open Cloud testbed with Hyperledger Composer and in a simulation environment. Our results show that the DefenseChain system overall performs better than state-of-the-art decision making schemes in choosing the most appropriate detector and mitigator peers. Lastly, we validate how DefenseChain helps mitigate the threat risk of incidents relating to potential fraudulent insurance claims or cyber attacks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Dependable and Secure Computing 工程技术-计算机：软件工程

CiteScore

11.20

自引率

5.50%

发文量

354

审稿时长

9 months

期刊介绍： The "IEEE Transactions on Dependable and Secure Computing (TDSC)" is a prestigious journal that publishes high-quality, peer-reviewed research in the field of computer science, specifically targeting the development of dependable and secure computing systems and networks. This journal is dedicated to exploring the fundamental principles, methodologies, and mechanisms that enable the design, modeling, and evaluation of systems that meet the required levels of reliability, security, and performance. The scope of TDSC includes research on measurement, modeling, and simulation techniques that contribute to the understanding and improvement of system performance under various constraints. It also covers the foundations necessary for the joint evaluation, verification, and design of systems that balance performance, security, and dependability. By publishing archival research results, TDSC aims to provide a valuable resource for researchers, engineers, and practitioners working in the areas of cybersecurity, fault tolerance, and system reliability. The journal's focus on cutting-edge research ensures that it remains at the forefront of advancements in the field, promoting the development of technologies that are critical for the functioning of modern, complex systems.