隐私保护体系下网络威胁情报共享的研究现状和方案设计

doi:10.3969/j.issn.1671-1122.2024.07.014

摘要/Abstract

摘要：

网络威胁情报共享有利于实现网络安全态势感知以应对网络威胁，但网络威胁情报高度敏感，处理不当极易导致共享者利益受损或暴露安全防护弱点等严重后果。因此，网络威胁情报共享的前提是保证数据安全和用户隐私。文章聚焦隐私保护体系下的网络威胁情报共享研究，首先对网络威胁情报、网络威胁情报共享、隐私计算技术等相关内容进行总结分析；然后从网络威胁情报共享面临的安全隐私问题出发，对近年的网络威胁情报共享技术路径和研究现状进行梳理和分析；最后设计一个基于隐私计算技术的网络威胁情报共享平台方案。

关键词: 网络安全, 网络威胁情报共享, 隐私计算

Abstract:

Cyber threat intelligence sharing is beneficial for achieving cyber security situational awareness to deal with cyber threats. However, the cyber threat intelligence is highly sensitive, improper handling can easily lead to damage interests of sharers or expose the weakness of security protection. Therefore, the premise of cyber threat intelligence sharing is to ensure data security and user privacy. This paper focused on the analysis and research of cyber threat intelligence sharing under the privacy protection system. First of all, we summarized and analyzed the cyber threat intelligence, cyber threat intelligence sharing and privacy computing technology. Then, starting from the security and privacy issues faced by cyber threat intelligence sharing, we carefully combed and deeply analyzed the technical path and research status of cyber threat intelligence sharing in recent years. Finally, based on the privacy computing, we designed the framework of cyber threat intelligence sharing scheme.

Key words: cyberspace security, cyber threat intelligence sharing, privacy computing

中图分类号:

TP309

问闻, 刘钦菊, 邝琳, 任雪静. 隐私保护体系下网络威胁情报共享的研究现状和方案设计[J]. 信息网络安全, 2024, 24(7): 1129-1137.

WEN Wen, LIU Qinju, KUANG Lin, REN Xuejing. Research and Scheme Design of Cyber Threat Intelligence Sharing under Privacy Protection System[J]. Netinfo Security, 2024, 24(7): 1129-1137.

图/表 8

图1

图2

图3

表1

图4

图5

图6

图7

参考文献 28

[1]	FU Jing. Exploration and Practice of Security Protection of Critical Information Infrastructure of Water Conservancy[J]. Netinfo Security, 2023, 23(8): 121-127.
	付静. 水利关键信息基础设施安全保护探索与实践[J]. 信息网络安全, 2023, 23(8):121-127.
[2]	TOUNSI W, RAIS H. A Survey on Technical Threat Intelligence in the Age of Sophisticated Cyber Attacks[J]. Computers & Security, 2018, 72: 212-233.
[3]	MCMILLAN R, PRATAP K. Market Guide for Security Threat Intelligence Services[EB/OL]. (2014-10-14)[2023-11-12]. https://www.gartner.com/en/documents/2874317?ref=ddisp.
[4]	LIN Yue, LIU Peng, WANG He, et al. Overview of Threat Intelligence Sharing and Exchange in Cybersecurity[J]. Journal of Computer Research and Development, 2020, 57(10): 2052-2065.
	林玥, 刘鹏, 王鹤, 等. 网络安全威胁情报共享与交换研究综述[J]. 计算机研究与发展, 2020, 57(10):2052-2065.
[5]	National Industrial Information Security Development Research Center. Cyber Security Threat Intelligence Industry Development Report(2021)[R]. China: National Industrial Information Security Development Research Center, 2021-dc-24, 2021.
	国家工业信息安全发展研究中心. 网络安全威胁情报行业发展报告(2021)[R]. 中国: 国家工业信息安全发展研究中心,2021-dc-24,2021.
[6]	WAGNER T D, MAHBUB K, PALOMAR E, et al. Cyber Threat Intelligence Sharing: Survey and Research Directions[EB/OL]. (2018-08-06)[2023-11-12]. https://doi.org/10.1016/j.cose.2019.101589.
[7]	LI Fenghua, LI Hui, JIA Yan, et al. Privacy Computing: Concept, Connotation and Its Research Trend[J]. Journal on Communications, 2016, 37(4): 1-11. doi: 10.11959/j.issn.1000-436x.2016078
	李凤华, 李晖, 贾焰, 等. 隐私计算研究范畴及发展趋势[J]. 通信学报, 2016, 37(4):1-11. doi: 10.11959/j.issn.1000-436x.2016078
[8]	HUO Wei, YU Yu, YANG Kang, et al. Privacy-Preserving Cryptographic Algorithms and Protocols: A Survey on Designs and Applications[J]. Scientia Sinica(Informationis), 2023, 53(9): 1688-1733.
	霍炜, 郁昱, 杨糠, 等. 隐私保护计算密码技术研究进展与应用[J]. 中国科学:信息科学, 2023, 53(9):1688-1733.
[9]	YAO A C C. How to Generate and Exchange Secrets[C]// IEEE. 27th Annual Symposium on Foundations of Computer Science. New York: IEEE, 1986: 162-167.
[10]	DEMMLER D, SCHNEIDER T, ZOHNER M. ABY-A Framework for Efficient Mixed-Protocol Secure Two-Party Computation[EB/OL]. (2015-02-01)[2023-11-14]. https://www.semanticscholar.org/paper/ABY-A-Framework-for-Efficient-Mixed-Protocol-Secure-Demmler-Schneider/20b5b5c25e2b56693b38fe7f69caddca78872085?p2df.
[11]	Github. MP-SPDZ[EB/OL]. (2023-12-14)[2023-12-18]. https://github.com/data61/MP-SPDZ.
[12]	IMPAGLIAZZO R, RUDICH S. Limits on the Provable Consequences of One-Way Permutations[C]// ACM. The Twenty-First Annual ACM symposium on Theory of Computing. New York: ACM, 1989: 44-61.
[13]	GOLDREICH O, MICALI S, WIGDERSON A. How to Play any Mental Game, or a Completeness Theorem for Protocols with Honest Majority[M]. New York: ACM, 2019.
[14]	MCMAHAN H B, MOORE E, RAMAGE D, et al. Communication-Efficient Learning of Deep Networks from Decentralized Data[EB/OL]. (2016-02-17)[2023-11-12]. https://www.semanticscholar.org/paper/Communication-Efficient-Learning-of-Deep-Networks-McMahan-Moore/d1dbf643447405984eeef098b1b320dee0b3b8a7?p2df.
[15]	YANG Qiang, LIU Yang, CHEN Tianjian, et al. Federated Machine Learning: Concept and Applications[J]. ACM Transactions on Intelligent Systems and Technology, 2019, 10(2): 1-19.
[16]	KAIROUZ P, MCMAHAN H B, AVENT B, et al. Advances and Open Problems in Federated Learning[J]. Foundations and Trends in Machine Learning, 2021, 14(1-2): 1-21.
[17]	SABT M, ACHEMLAL M, BOUABDALLAH A. Trusted Execution Environment:What It is, and What It Is Not[C]// IEEE. 2015 IEEE Trustcom/BigDataSE/ISPA. New York: IEEE, 2015: 57-64.
[18]	ARFAOUI G, GHAROUT S, TRAORÉ J. Trusted Execution Environments: A Look under the Hood[C]// IEEE. 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering. New York: IEEE, 2014: 259-266.
[19]	NAKAMOTO S. Bitcoin: A Peer-to-Peer Electronic Cash System[EB/OL]. [2023-11-12]. https://www.semanticscholar.org/paper/Bitcoin%3A-A-Peer-to-Peer-Electronic-Cash-System-Hunt/4e9ec92a90c5d571d2f1d496f8df01f0a8f38596?p2df.
[20]	ZHENG Zibin, XIE Shaoan, DAI Hongning, et al. Blockchain Challenges and Opportunities: A Survey[J]. International Journal of Web and Grid Services, 2018, 14(4): 352-375.
[21]	SADIQUE F, BAKHSHALIYEV K, SPRINGER J, et al. A System Architecture of Cybersecurity Information Exchange with Privacy(CYBEX-P)[C]// IEEE. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference. New York: IEEE, 2019: 493-498.
[22]	HOMAN D, SHIEL I, THORPE C. A New Network Model for Cyber Threat Intelligence Sharing Using Blockchain Technology[C]// IEEE. 2019 10th IFIP International Conference on New Technologies, Mobility and Security. New York: IEEE, 2019: 1-6.
[23]	BARNUM S. Standardizing Cyber Threat Intelligence Information with the Structured Threat Information Expression(STIXTM)[ EB/OL]. [2023-11-12]. https://www.mitre.org/sites/default/files/publications/stix.pdf.
[24]	FUENTES J M, GONZÁLEZ-MANZANO L, TAPIADOR J, et al. PRACIS: Privacy-Preserving and Aggregatable Cybersecurity Information Sharing[J]. Computers & Security, 2017, 69: 127-141.
[25]	BADSHA S, VAKILINIA I, SENGUPTA S. Privacy Preserving Cyber Threat Information Sharing and Learning for Cyber Defense[C]// IEEE. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). New York: IEEE, 2019: 708-714.
[26]	SARHAN M, LAYEGHY S, MOUSTAFA N, et al. Cyber Threat Intelligence Sharing Scheme Based on Federated Learning for Network Intrusion Detection[EB/OL]. (2022-10-07)[2023-11-12]. https://link.springer.com/article/10.1007/s10922-022-09691-3?utm_source=xmol&utm_content=meta.
[27]	NGUYEN K, PAL S, JADIDI Z, et al. A Blockchain-Enabled Incentivised Framework for Cyber Threat Intelligence Sharing in ICS[C]// IEEE. 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events(PerCom Workshops). New York: IEEE, 2022: 261-266.
[28]	BANDARA E, SHETTY S, MUKKAMALA R, et al. LUUNU-Blockchain, Model Cards and Federated Learning Enabled Cyber Threat Intelligence Sharing Platform[C]// IEEE. 2022 Annual Modeling and Simulation Conference(ANNSIM). New York: IEEE, 2022: 235-245.

模型框架	技术原理	共享方式
HOMAN^[22]等人	区块链、STIX	中心化式
FUENTES^[24]等人	Paillier同态加密、STIX	中心化式
BADSHA^[25]等人	ElGamal同态加密、机器学习（决策树）	中心化式
SARHAN^[26]等人	联邦学习、机器学习（DNN、LSTM）	点对点式、中心化式
NGUYEN^[27]等人	区块链、IPFS	中心化式
BANDARA^[28]等人	区块链、联邦学习	混合式