18 A review of Cybersecurity Threat Intelligence Knowledge Exchange based on blockchain
Although cyber threat intelligence (CTI) exchange is a theoretically useful technique for improving security of a society, the potential participants are often reluctant to share their CTI and prefer to consume only, at least in voluntary based approaches. Such behavior destroys the idea of informat...
| Authors: | , , |
|---|---|
| Format: | book part |
| Publication Date: | 2021 |
| Country: | España |
| Institution: | Universidad de Castilla-La Mancha |
| Repository: | RUIdeRA. Repositorio Institucional de la UCLM |
| OAI Identifier: | oai:ruidera.uclm.es:10578/28622 |
| Online Access: | https://doi.org/10.18239/jornadas_2021.34.18 http://hdl.handle.net/10578/28622 |
| Access Level: | Open access |
| Keyword: | STIX SWRL OWL Dynamic Risk Management (DRM) Cyber Threat Intelligence (CTI) Ethereum Blockchain Smart contracts |
| Summary: | Although cyber threat intelligence (CTI) exchange is a theoretically useful technique for improving security of a society, the potential participants are often reluctant to share their CTI and prefer to consume only, at least in voluntary based approaches. Such behavior destroys the idea of information exchange. On the other hand, governments are forcing specific entities and operators to report them specific incidents depending on their impact. Obligations and sanctions are usually discouraging participants to share information voluntarily. We propose a paradigm shift of cybersecurity information exchange by ntroducing a new way to encourage all participants involved, at all levels, to share relevant information dynamically. Participants will have new and specific incentives to share, invest and consume threat intelligence and risk intelligence information depending on their different roles (producers, consumers, investors, donors and owner). Our proposal leverages from standards like Structured Threat Information Exchange (STIX™), W3C semantic web standards and from the Ethereum Blockchain to enable a workspace of knowledge related to behavioral threat intelligence patterning to characterize tactics, techniques and procedures (TTP) introducing new type of incentives. |
|---|