A Privacy-Preserving Cyber Threat Intelligence Sharing System

Huff, Philip; Massengale, Spencer; Phuong, Tran Viet Xuan; Gourisetti, Sri Nikhil Gupta

doi:10.1109/TPS-ISA62245.2024.00016

A Privacy-Preserving Cyber Threat Intelligence Sharing System

Journal Article · Mon Oct 28 00:00:00 EDT 2024 · 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)

DOI:https://doi.org/10.1109/TPS-ISA62245.2024.00016· OSTI ID:2587202

Huff, Philip ^[1]; Massengale, Spencer ^[1]; Phuong, Tran Viet Xuan ^[1]; Gourisetti, Sri Nikhil Gupta ^[1]

University of Arkansas at Little Rock, AR (United States)

Cyber Threat Intelligence (CTI) is a key resource for developing defensive strategies against potential cyber adversaries. Entities typically access CTI through open-source platforms, national agencies, or specialized commercial services. However, the bi-directional exchange of CTI is hindered by organizational trust boundaries, which complicate the sharing processes between entities and CTI providers. Centralized CTI services benefit from receiving suspicious cyber observables such as IP addresses, domain names, and email addresses from various entities. The aggregation allows for the correlation of widespread adversarial activities to enhance the alert and response mechanisms across the network of involved parties. Despite these benefits, openly sharing such observables incurs potential legal, regulatory, and reputational risks for the disclosing entities.This paper introduces a system designed to facilitate the secure exchange of cyber observables across trust boundaries without compromising the anonymity of the sharing entities. Here, we propose an architecture that leverages common web protocols alongside zero-knowledge proofs to authenticate members while maintaining anonymity. Additionally, we outline a privacy model tailored for STIX (Structured Threat Information eXpression) cyber observables to minimize the risk of inadvertently disclosing private information. Through our threat models, we assess the privacy implications of our proposed system and demonstrate its potential to enhance collaborative cyber defense efforts without exposing entities to undue risk.

Research Organization:: National Energy Technology Laboratory (NETL), Pittsburgh, PA, Morgantown, WV, and Albany, OR (United States)

Sponsoring Organization:: USDOE

Grant/Contract Number:: CR0000031; CR0000022

OSTI ID:: 2587202

Report Number(s):: DOE-UALR-CR31--1

Journal Information:: 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), Journal Name: 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)

Publisher:: IEEECopyright Statement

Country of Publication:: United States

Language:: English

References (9)

Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials Camenisch, Jan; Lysyanskaya, Anna Lecture Notes in Computer Science, p. 61-76 https://doi.org/10.1007/3-540-45708-9_5	book	January 2002
DEALER: decentralized incentives for threat intelligence reporting and exchange Menges, Florian; Putz, Benedikt; Pernul, Günther International Journal of Information Security, Vol. 20, Issue 5 https://doi.org/10.1007/s10207-020-00528-1	journal	December 2020
Toward Automated Cyber Defense with Secure Sharing of Structured Cyber Threat Intelligence Haque, Md. Farhan; Krishnan, Ram Information Systems Frontiers, Vol. 23, Issue 4 https://doi.org/10.1007/s10796-020-10103-7	journal	February 2021
Cyber Threat Intelligence Sharing Scheme Based on Federated Learning for Network Intrusion Detection Sarhan, Mohanad; Layeghy, Siamak; Moustafa, Nour Journal of Network and Systems Management, Vol. 31, Issue 1 https://doi.org/10.1007/s10922-022-09691-3	journal	October 2022
Cybersecurity threat intelligence knowledge exchange based on blockchain Riesco, R.; Larriva-Novo, X.; Villagra, V. A. Telecommunication Systems, Vol. 73, Issue 2 https://doi.org/10.1007/s11235-019-00613-4	journal	September 2019
BFLS: Blockchain and Federated Learning for sharing threat detection models as Cyber Threat Intelligence Jiang, Tongtong; Shen, Guowei; Guo, Chun Computer Networks, Vol. 224 https://doi.org/10.1016/j.comnet.2023.109604	journal	April 2023
Cyber threat intelligence sharing: Survey and research directions Wagner, Thomas D.; Mahbub, Khaled; Palomar, Esther Computers & Security, Vol. 87 https://doi.org/10.1016/j.cose.2019.101589	journal	November 2019
Current approaches and future directions for Cyber Threat Intelligence sharing: A survey Alaeifar, Poopak; Pal, Shantanu; Jadidi, Zahra Journal of Information Security and Applications, Vol. 83 https://doi.org/10.1016/j.jisa.2024.103786	journal	June 2024
Universal Sentence Encoder for English Cer, Daniel; Yang, Yinfei; Kong, Sheng-yi Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing: System Demonstrations https://doi.org/10.18653/v1/d18-2029	conference	January 2018

Similar Records

Improving Cyber Situational Understanding

Thesis/Dissertation · Wed Aug 20 00:00:00 EDT 2025 · OSTI ID:2584218

Privacy Vulnerability of Published Anonymous Mobility Traces

Journal Article · Sat Jun 01 00:00:00 EDT 2013 · IEEE/ACM Transactions on Networking · OSTI ID:1095747

Mitigate: An Adaptive Network Data Anonymization Tool Using Condensation-Based Differential Privacy

Technical Report · Mon Mar 14 00:00:00 EDT 2022 · OSTI ID:1854575

Related Subjects

BBS+ Signatures
Cyber Threat Intelligence
Privacy
STIX
Zero-Knowledge Proofs

A Privacy-Preserving Cyber Threat Intelligence Sharing System

Citation Formats

References (9)

Similar Records

Related Subjects