Rethinking Information Sharing for Threat Intelligence

Title: Rethinking Information Sharing for Threat Intelligence
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Mohaisen, Aziz; Al-Ibrahim, Omar; Kamhoua, Charles; Kwiat, Kevin; Njilla, Laurent
Conference Name: Proceedings of the Fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5527-8
Keywords: Computational Intelligence, Human Behavior, human factors, information sharing, Metrics, privacy, pubcrawl, resilience, Resiliency, Scalability, security risk management, Standards, threat intelligence
Abstract

In the past decade, the information security and threat landscape has grown significantly, making it difficult for a single defender to defend against all attacks at the same time. This called for introducing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators are proposed in the literature, although various issues are undermined. In this paper, we take the position of rethinking information sharing for actionable intelligence, by highlighting various issues that deserve further exploration. We argue that information sharing can benefit from well-defined use models, threat models, well-understood risk by measurement and robust scoring, well-understood and preserved privacy and quality of indicators, and robust mechanism to avoid free riding behavior of selfish agents. We call for using the differential nature of data and community structures for optimizing sharing designs and structures.

URL: https://dl.acm.org/citation.cfm?doid=3132465.3132468
DOI: 10.1145/3132465.3132468
Citation Key: mohaisen_rethinking_2017