Standards-based Cyber Threat Intelligence sharing using private Blockchains

• Autorzy: Provatas Kimonas , Tzannetos Ioannis , Vescoukis Vassilios

Identyfikatory

DOI

10.15439/2023F6880

• Języki publikacji: EN

Abstrakty

EN

As cyber-attacks become more and more sophisticated, sharing information that helps organizations design and implement efficient defense measures, is of critical importance. Such information can be shared using any service available, such as plain-old mailing lists, forums, etc. More mature systems use standards that facilitate the structural and semantic organization of information about cyber threats, which enables both automated processing and interpretation of such info, such as indexing, cross-referencing, updating, and more. However, even systems sharing cyber-attack info are themselves vulnerable, not only to typical and easily detectable attacks such as DoS, but also to content poisoning. Implementing such systems using decentralized architectures such as blockchain, could overcome many of the deficiencies of centralized cyber-threat information sharing systems. This paper presents the specification, design, and implementation of such a decentralized system using two popular standards for cyber threat intelligence sharing, namely STIX for representing and TAXII for sharing such info using a REST API. The system, implemented on Hyperledger Fabric, faces the challenge of adhering to standards designed for a centralized world and offering a transparent way for implementing all the backend on a blockchain.

Słowa kluczowe

EN

blockchain; cyber threat intelligence; cyber defense; TAXII

PL

blockchain; cyberzagrożenia; cyberobrona; TAXII

• Wydawca: Polskie Towarzystwo Informatyczne
• Czasopismo: Annals of Computer Science and Information Systems
• Rocznik: 2023
• Tom: Vol. 35
• Strony: 649--656
• Opis fizyczny: Bibliogr. 16 poz., il.

Twórcy

autor

Provatas Kimonas

• National Technical University of Athens and IBM Hellas NTUA Campus, Zografos 15780, Greece

autor

Tzannetos Ioannis

• National Technical University of Athens, Software Engineering Lab, NTUA Campus, Zografos 15780, Greece

• https://orcid.org/0009-0009-7505-965X

autor

Vescoukis Vassilios

• National Technical University of Athens, Software Engineering Lab, NTUA Campus, Zografos 15780, Greece

• https://orcid.org/0000-0002-5360-8349

Bibliografia

• 1. Cobb, M. and Wigmore, I. (2021) What is threat intelligence (cyber threat intelligence)? – definition from whatis.com, WhatIs.com. Available at: https://www.techtarget.com/whatis/definition/threat-intelligence-cyber-threat-intelligence
• 2. What is STIX? (2020) Introduction to stix. Available at: https://oasis-open.github.io/cti-documentation/stix/intro.
• 3. (2020) Introduction to taxii. Available at: https://oasis- open.github.io/cti-documentation/taxii/intro.html.
• 4. Private data (2017) hyperledger. Available at: https://hyperledger-fabric.readthedocs.io/en/release-2.2/private-data/private-data.html.
• 5. (2017) Ledger. Available at: https://hyperledger-fabric.readthedocs.io/en/release-2.2/ledger.html.
• 6. Hyperledger fabric network (2017) hyperledger. Available at: https://hyperledger-fabric.readthedocs.io/en/release-1.2/network/network.html.
• 7. Hyperledger Fabric model (2017) hyperledger. Available at: https://hyperledger-fabric.readthedocs.io/en/latest/fabric_model.html.
• 8. TAXII specification (2020) TAXII Version 2.1. Available at: https://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html.
• 9. Registering and enrolling identities with a CA (2017) hyperledger. Available at: https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/use_CA.html.
• 10. Smart contracts and chaincode (2017) hyperledger. Available at: https://hyperledger-fabric.readthedocs.io/en/latest/smartcontract/smartcontract.html.
• 11. STIX specification (2020) STIXTM Version 2.1. Available at: https://docs.oasis-open.org/cti/stix/v2.1/csprd01/stix-v2.1-csprd01.html.
• 12. A new network model for cyber threat intelligence sharing using blockchain (2019). Available at: https://arrow.tudublin.ie/cgi/viewcontent.cgi?article=1003&context=nsdcon
• 13. Traffic Light Protocol (TLP) Definitions and Usage (2022). Available at https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage
• 14. Collaborative Cyber Attack Defense in SDN Networks using Blockchain Technology (2020). Available at: https://www.researchgate.net/publication/343616521_Collaborative_Cyber_Attack_Defense_in_SDN_Networks_using_Blockchain_Technology.
• 15. Secure exchange of cyber threat intelligence using TAXII and distributed ledger technologies - application for electrical power and energy system (2021). Available at: https://dl.acm.org/doi/10.1145/3465481.3470476
• 16. Secure and Efficient Exchange of Threat Information Using Blockchain Technology (2022). Available at: https://www.mdpi.com/2078-2489/13/10/463

Uwagi

1. Thematic Tracks Regular Papers

2. Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2024).