Rethinking Information Sharing For Threat Intelligence [Position Paper]

Keywords

Information Sharing; Privacy; Standards; Threat Intelligence

Abstract

In the past decade, the information security and threat landscape has grown significantly making it difficult for a single defender to defend against all attacks at the same time. This called for introducing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators are proposed in the literature, although various issues are undermined. In this paper, we take the position of rethinking information sharing for actionable intelligence, by highlighting various issues that deserve further exploration. We argue that information sharing can benefit from well-defined use models, threat models, well-understood risk by measurement and robust scoring, wellunderstood and preserved privacy and quality of indicators and robust mechanism to avoid free riding behavior of selfish agents. We call for using the differential nature of data and community structures for optimizing sharing designs and structures.

Publication Date

10-14-2017

Publication Title

HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1145/3132465.3132468

Socpus ID

85036607299 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85036607299

This document is currently not available here.

Share

COinS