Research and Scheme Design of Cyber Threat Intelligence Sharing under Privacy Protection System

doi:10.3969/j.issn.1671-1122.2024.07.014

Abstract

Abstract:

Cyber threat intelligence sharing is beneficial for achieving cyber security situational awareness to deal with cyber threats. However, the cyber threat intelligence is highly sensitive, improper handling can easily lead to damage interests of sharers or expose the weakness of security protection. Therefore, the premise of cyber threat intelligence sharing is to ensure data security and user privacy. This paper focused on the analysis and research of cyber threat intelligence sharing under the privacy protection system. First of all, we summarized and analyzed the cyber threat intelligence, cyber threat intelligence sharing and privacy computing technology. Then, starting from the security and privacy issues faced by cyber threat intelligence sharing, we carefully combed and deeply analyzed the technical path and research status of cyber threat intelligence sharing in recent years. Finally, based on the privacy computing, we designed the framework of cyber threat intelligence sharing scheme.

Key words: cyberspace security, cyber threat intelligence sharing, privacy computing

CLC Number:

TP309

WEN Wen, LIU Qinju, KUANG Lin, REN Xuejing. Research and Scheme Design of Cyber Threat Intelligence Sharing under Privacy Protection System[J]. Netinfo Security, 2024, 24(7): 1129-1137.

Figures/Tables 8

References 28

[1]	FU Jing. Exploration and Practice of Security Protection of Critical Information Infrastructure of Water Conservancy[J]. Netinfo Security, 2023, 23(8): 121-127.
	付静. 水利关键信息基础设施安全保护探索与实践[J]. 信息网络安全, 2023, 23(8):121-127.
[2]	TOUNSI W, RAIS H. A Survey on Technical Threat Intelligence in the Age of Sophisticated Cyber Attacks[J]. Computers & Security, 2018, 72: 212-233.
[3]	MCMILLAN R, PRATAP K. Market Guide for Security Threat Intelligence Services[EB/OL]. (2014-10-14)[2023-11-12]. https://www.gartner.com/en/documents/2874317?ref=ddisp.
[4]	LIN Yue, LIU Peng, WANG He, et al. Overview of Threat Intelligence Sharing and Exchange in Cybersecurity[J]. Journal of Computer Research and Development, 2020, 57(10): 2052-2065.
	林玥, 刘鹏, 王鹤, 等. 网络安全威胁情报共享与交换研究综述[J]. 计算机研究与发展, 2020, 57(10):2052-2065.
[5]	National Industrial Information Security Development Research Center. Cyber Security Threat Intelligence Industry Development Report(2021)[R]. China: National Industrial Information Security Development Research Center, 2021-dc-24, 2021.
	国家工业信息安全发展研究中心. 网络安全威胁情报行业发展报告(2021)[R]. 中国: 国家工业信息安全发展研究中心,2021-dc-24,2021.
[6]	WAGNER T D, MAHBUB K, PALOMAR E, et al. Cyber Threat Intelligence Sharing: Survey and Research Directions[EB/OL]. (2018-08-06)[2023-11-12]. https://doi.org/10.1016/j.cose.2019.101589.
[7]	LI Fenghua, LI Hui, JIA Yan, et al. Privacy Computing: Concept, Connotation and Its Research Trend[J]. Journal on Communications, 2016, 37(4): 1-11. doi: 10.11959/j.issn.1000-436x.2016078
	李凤华, 李晖, 贾焰, 等. 隐私计算研究范畴及发展趋势[J]. 通信学报, 2016, 37(4):1-11. doi: 10.11959/j.issn.1000-436x.2016078
[8]	HUO Wei, YU Yu, YANG Kang, et al. Privacy-Preserving Cryptographic Algorithms and Protocols: A Survey on Designs and Applications[J]. Scientia Sinica(Informationis), 2023, 53(9): 1688-1733.
	霍炜, 郁昱, 杨糠, 等. 隐私保护计算密码技术研究进展与应用[J]. 中国科学:信息科学, 2023, 53(9):1688-1733.
[9]	YAO A C C. How to Generate and Exchange Secrets[C]// IEEE. 27th Annual Symposium on Foundations of Computer Science. New York: IEEE, 1986: 162-167.
[10]	DEMMLER D, SCHNEIDER T, ZOHNER M. ABY-A Framework for Efficient Mixed-Protocol Secure Two-Party Computation[EB/OL]. (2015-02-01)[2023-11-14]. https://www.semanticscholar.org/paper/ABY-A-Framework-for-Efficient-Mixed-Protocol-Secure-Demmler-Schneider/20b5b5c25e2b56693b38fe7f69caddca78872085?p2df.
[11]	Github. MP-SPDZ[EB/OL]. (2023-12-14)[2023-12-18]. https://github.com/data61/MP-SPDZ.
[12]	IMPAGLIAZZO R, RUDICH S. Limits on the Provable Consequences of One-Way Permutations[C]// ACM. The Twenty-First Annual ACM symposium on Theory of Computing. New York: ACM, 1989: 44-61.
[13]	GOLDREICH O, MICALI S, WIGDERSON A. How to Play any Mental Game, or a Completeness Theorem for Protocols with Honest Majority[M]. New York: ACM, 2019.
[14]	MCMAHAN H B, MOORE E, RAMAGE D, et al. Communication-Efficient Learning of Deep Networks from Decentralized Data[EB/OL]. (2016-02-17)[2023-11-12]. https://www.semanticscholar.org/paper/Communication-Efficient-Learning-of-Deep-Networks-McMahan-Moore/d1dbf643447405984eeef098b1b320dee0b3b8a7?p2df.
[15]	YANG Qiang, LIU Yang, CHEN Tianjian, et al. Federated Machine Learning: Concept and Applications[J]. ACM Transactions on Intelligent Systems and Technology, 2019, 10(2): 1-19.
[16]	KAIROUZ P, MCMAHAN H B, AVENT B, et al. Advances and Open Problems in Federated Learning[J]. Foundations and Trends in Machine Learning, 2021, 14(1-2): 1-21.
[17]	SABT M, ACHEMLAL M, BOUABDALLAH A. Trusted Execution Environment:What It is, and What It Is Not[C]// IEEE. 2015 IEEE Trustcom/BigDataSE/ISPA. New York: IEEE, 2015: 57-64.
[18]	ARFAOUI G, GHAROUT S, TRAORÉ J. Trusted Execution Environments: A Look under the Hood[C]// IEEE. 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering. New York: IEEE, 2014: 259-266.
[19]	NAKAMOTO S. Bitcoin: A Peer-to-Peer Electronic Cash System[EB/OL]. [2023-11-12]. https://www.semanticscholar.org/paper/Bitcoin%3A-A-Peer-to-Peer-Electronic-Cash-System-Hunt/4e9ec92a90c5d571d2f1d496f8df01f0a8f38596?p2df.
[20]	ZHENG Zibin, XIE Shaoan, DAI Hongning, et al. Blockchain Challenges and Opportunities: A Survey[J]. International Journal of Web and Grid Services, 2018, 14(4): 352-375.
[21]	SADIQUE F, BAKHSHALIYEV K, SPRINGER J, et al. A System Architecture of Cybersecurity Information Exchange with Privacy(CYBEX-P)[C]// IEEE. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference. New York: IEEE, 2019: 493-498.
[22]	HOMAN D, SHIEL I, THORPE C. A New Network Model for Cyber Threat Intelligence Sharing Using Blockchain Technology[C]// IEEE. 2019 10th IFIP International Conference on New Technologies, Mobility and Security. New York: IEEE, 2019: 1-6.
[23]	BARNUM S. Standardizing Cyber Threat Intelligence Information with the Structured Threat Information Expression(STIXTM)[ EB/OL]. [2023-11-12]. https://www.mitre.org/sites/default/files/publications/stix.pdf.
[24]	FUENTES J M, GONZÁLEZ-MANZANO L, TAPIADOR J, et al. PRACIS: Privacy-Preserving and Aggregatable Cybersecurity Information Sharing[J]. Computers & Security, 2017, 69: 127-141.
[25]	BADSHA S, VAKILINIA I, SENGUPTA S. Privacy Preserving Cyber Threat Information Sharing and Learning for Cyber Defense[C]// IEEE. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). New York: IEEE, 2019: 708-714.
[26]	SARHAN M, LAYEGHY S, MOUSTAFA N, et al. Cyber Threat Intelligence Sharing Scheme Based on Federated Learning for Network Intrusion Detection[EB/OL]. (2022-10-07)[2023-11-12]. https://link.springer.com/article/10.1007/s10922-022-09691-3?utm_source=xmol&utm_content=meta.
[27]	NGUYEN K, PAL S, JADIDI Z, et al. A Blockchain-Enabled Incentivised Framework for Cyber Threat Intelligence Sharing in ICS[C]// IEEE. 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events(PerCom Workshops). New York: IEEE, 2022: 261-266.
[28]	BANDARA E, SHETTY S, MUKKAMALA R, et al. LUUNU-Blockchain, Model Cards and Federated Learning Enabled Cyber Threat Intelligence Sharing Platform[C]// IEEE. 2022 Annual Modeling and Simulation Conference(ANNSIM). New York: IEEE, 2022: 235-245.

模型框架	技术原理	共享方式
HOMAN^[22]等人	区块链、STIX	中心化式
FUENTES^[24]等人	Paillier同态加密、STIX	中心化式
BADSHA^[25]等人	ElGamal同态加密、机器学习（决策树）	中心化式
SARHAN^[26]等人	联邦学习、机器学习（DNN、LSTM）	点对点式、中心化式
NGUYEN^[27]等人	区块链、IPFS	中心化式
BANDARA^[28]等人	区块链、联邦学习	混合式