Orchestrating Collaborative Cybersecurity: A Secure Framework for
Distributed Privacy-Preserving Threat Intelligence Sharing
- URL: http://arxiv.org/abs/2209.02676v1
- Date: Tue, 6 Sep 2022 17:44:20 GMT
- Authors: Juan R. Troncoso-Pastoriza, Alain Mermoud, Romain Bouyé, Francesco
Marino, Jean-Philippe Bossuat, Vincent Lenders, Jean-Pierre Hubaux
- Abstract summary: Cyber Threat Intelligence (CTI) sharing is an important activity to reduce information asymmetries between attackers and defenders.
Current literature assumes access to centralized databases containing all the information, but this is not always feasible.
We propose a novel framework for extracting CTI from distributed data on incidents, vulnerabilities and indicators of compromise.
- Score: 7.977316321387031
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cyber Threat Intelligence (CTI) sharing is an important activity to reduce
information asymmetries between attackers and defenders. However, this activity
presents challenges due to the tension between data sharing and
confidentiality, which results in information retention, often leading to a
free-rider problem. Therefore, the information that is shared represents only
the tip of the iceberg. Current literature assumes access to centralized
databases containing all the information, but this is not always feasible, due
to the aforementioned tension. This results in unbalanced or incomplete
datasets, requiring the use of techniques to expand them; we show how these
techniques lead to biased results and misleading performance expectations. We
propose a novel framework for extracting CTI from distributed data on
incidents, vulnerabilities and indicators of compromise, and demonstrate its
use in several practical scenarios, in conjunction with the Malware Information
Sharing Platforms (MISP). Policy implications for CTI sharing are presented and
discussed. The proposed system relies on an efficient combination of privacy
enhancing technologies and federated processing. This lets organizations stay
in control of their CTI and minimize the risks of exposure or leakage, while
enabling the benefits of sharing, more accurate and representative results, and
more effective predictive and preventive defenses.
Related papers
- TabSec: A Collaborative Framework for Novel Insider Threat Detection [8.27921273043059]
In the era of the Internet of Things (IoT) and data sharing, users frequently upload their personal information to enterprise databases to enjoy enhanced service experiences.
However, the widespread presence of system vulnerabilities, remote network intrusions, and insider threats significantly increases the exposure of private enterprise data on the internet.
This paper proposes a novel threat detection framework, TabITD, to address these challenges.
arXiv Detail & Related papers (2024-11-04T04:07:16Z)
- Lancelot: Towards Efficient and Privacy-Preserving Byzantine-Robust Federated Learning within Fully Homomorphic Encryption [10.685816010576918]
We propose Lancelot, an innovative and computationally efficient BRFL framework that employs fully homomorphic encryption (FHE) to safeguard against malicious client activities while preserving data privacy.
Our extensive testing, which includes medical imaging diagnostics and widely-used public image datasets, demonstrates that Lancelot significantly outperforms existing methods, offering more than a twenty-fold increase in processing speed, all while maintaining data privacy.
arXiv Detail & Related papers (2024-08-12T14:48:25Z)
- SeCTIS: A Framework to Secure CTI Sharing [13.251593345960265]
The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks.
Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data.
We design a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing) to enable businesses to collaborate, preserving the privacy of their CTI data.
arXiv Detail & Related papers (2024-06-20T08:34:50Z)
- Marking the Pace: A Blockchain-Enhanced Privacy-Traceable Strategy for Federated Recommender Systems [11.544642210389894]
Federated recommender systems have been enhanced through data sharing and continuous model updates.
Given the sensitivity of IoT data, transparent data processing in data sharing and model updates is paramount.
Existing methods fall short in tracing the flow of shared data and the evolution of model updates.
We present LIBERATE, a privacy-traceable federated recommender system.
arXiv Detail & Related papers (2024-06-07T07:21:21Z)
- Decentralized Multimedia Data Sharing in IoV: A Learning-based Equilibrium of Supply and Demand [57.82021900505197]
Internet of Vehicles (IoV) has great potential to transform transportation systems by enhancing road safety, reducing traffic congestion, and improving user experience through onboard infotainment applications.
Decentralized data sharing can improve security, privacy, reliability, and facilitate infotainment data sharing in IoVs.
We propose a decentralized data-sharing incentive mechanism based on multi-intelligent reinforcement learning to learn the supply-demand balance in markets.
arXiv Detail & Related papers (2024-03-29T14:58:28Z)
- Secure Aggregation is Not Private Against Membership Inference Attacks [66.59892736942953]
We investigate the privacy implications of SecAgg in federated learning.
We show that SecAgg offers weak privacy against membership inference attacks even in a single training round.
Our findings underscore the imperative for additional privacy-enhancing mechanisms, such as noise injection.
arXiv Detail & Related papers (2024-03-26T15:07:58Z)
- TIPS: Threat Sharing Information Platform for Enhanced Security [0.5384718724090648]
This paper presents an abstraction of a trusted information-sharing process which integrates Attribute-Based Encryption (ABE), Homomorphic Encryption (HE) and Zero Knowledge Proof (ZKP).
It then provides a protocol exchange between two threat-sharing agents that share encrypted messages through a trusted channel.
arXiv Detail & Related papers (2024-03-08T10:50:49Z)
- Incentivized Communication for Federated Bandits [67.4682056391551]
We introduce an incentivized communication problem for federated bandits, where the server shall motivate clients to share data by providing incentives.
We propose the first incentivized communication protocol, namely, Inc-FedUCB, that achieves near-optimal regret with provable communication and incentive cost guarantees.
arXiv Detail & Related papers (2023-09-21T00:59:20Z)
- PS-FedGAN: An Efficient Federated Learning Framework Based on Partially Shared Generative Adversarial Networks For Data Privacy [56.347786940414935]
Federated Learning (FL) has emerged as an effective learning paradigm for distributed computation.
This work proposes a novel FL framework that requires only partial GAN model sharing.
Named as PS-FedGAN, this new framework enhances the GAN releasing and training mechanism to address heterogeneous data distributions.
arXiv Detail & Related papers (2023-05-19T05:39:40Z)
- Breaking the Communication-Privacy-Accuracy Tradeoff with $f$-Differential Privacy [51.11280118806893]
We consider a federated data analytics problem in which a server coordinates the collaborative data analysis of multiple users with privacy concerns and limited communication capability.
We study the local differential privacy guarantees of discrete-valued mechanisms with finite output space through the lens of $f$-differential privacy (DP).
More specifically, we advance the existing literature by deriving tight $f$-DP guarantees for a variety of discrete-valued mechanisms.
arXiv Detail & Related papers (2023-02-19T16:58:53Z)
- A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z)