• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Telecommunication systems: Modeling, Analysis, Design and Management >Cybersecurity threat intelligence knowledge exchange based on blockchain Proposal of a new incentive model based on blockchain and Smart contracts to foster the cyber threat and risk intelligence exchange of information
【24h】

Cybersecurity threat intelligence knowledge exchange based on blockchain Proposal of a new incentive model based on blockchain and Smart contracts to foster the cyber threat and risk intelligence exchange of information

机译:网络安全威胁情报知识交流基于区块链提案,基于区块链和智能合同,促进网络威胁和风险智能交流信息

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Although cyber threat intelligence (CTI) exchange is a theoretically useful technique for improving security of a society, the potential participants are often reluctant to share their CTI and prefer to consume only, at least in voluntary based approaches. Such behavior destroys the idea of information exchange. On the other hand, governments are forcing specific entities and operators to report them specific incidents depending on their impact, otherwise there could be sanctions to those operators which are not reporting them on time. Obligations and sanctions are usually discouraging participants to share information voluntarily which will just share and report what is strictly required. We propose a paradigm shift of cybersecurity information exchange by introducing a new way to encourage all participants involved, at all levels, to share relevant information dynamically. It will also contribute to the support and deployment of Dynamic Risk Management frameworks to keep risks under an acceptance level along the time. Participants will have new and specific incentives to share, invest and consume threat intelligence and risk intelligence information depending on their different roles (producers, consumers, investors, donors and owner). Our proposal leverages from standards like Structured Threat Information Exchange, as well as W3C semantic web standards to enable a workspace of knowledge related to behavioral threat intelligence patterning to characterize tactics, techniques and procedures. At the same time, we propose an Ethereum Blockchain Smart contract Marketplace to better incentivize the sharing of that knowledge between all parties involved as well as creating a standard CTI token as a digital asset with a promising value in the market. Simulations and an experimentation were performed to demonstrate its benefits and incentives, but also its potential limits with regard to storage and cost of transactions.
机译:虽然网络威胁情报(CTI)交流是改善社会安全的理论上有用的技术,但潜在的参与者通常不愿意分享他们的CTI,并且至少只在自愿的基于自愿的方法中消费。这种行为破坏了信息交换的想法。另一方面,政府正在强迫特定实体和运营人根据其影响向他们报告具体事件,否则可能会对那些没有按时向他们报告的经营者制裁。义务和制裁通常令人沮丧的参与者自愿分享信息,只会分享和报告严格要求的内容。我们提出了通过引入新的方式来鼓励各级参与者进行动态共享相关信息的新方式来提出网络安全信息交换的范式转变。它还将有助于支持和部署动态风险管理框架,以沿着接受水平保留风险。参与者将根据其不同的角色(生产者,消费者,投资者,捐助者和所有者)来分享,投资和消耗威胁情报和风险情报信息。我们的提案利用结构化威胁信息交流等标准,以及W3C语义Web标准,以使与行为威胁情报图案相关的知识工作空间,以表征策略,技术和程序。与此同时,我们提出了一个Ethereum BlockChain智能合同市场,以更好地激励涉及所有各方之间的知识的共享,并在市场上创建标准CTI令牌作为数字资产,在市场上具有有希望的价值。进行模拟和实验,以展示其利益和激励措施,也是其在储存和交易成本方面的潜在限制。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号