Journal ArticleDOI

A Problem Shared is a Problem Halved: A Survey on the Dimensions of Collective Cyber Defense Through Security Information Sharing

01 Jul 2016-Computers & Security (Elsevier Advanced Technology)-Vol. 60, Iss: 60, pp 154-176
TL;DR: A structured overview of the dimensions of cyber security information sharing is provided; the topic is motivated in more detail, the requirements for an information sharing system are worked out, and a critical review of the state of the art is given.
About: This article is published in Computers & Security. The article was published on 2016-07-01. It has received 166 citations till now. The article focuses on the topics: Information sharing & The Internet.
Citations
Journal ArticleDOI
TL;DR: It is shown in this paper why having a standardized representation of threat information can improve the quality of TTI, thus providing better automated analytics solutions on large volumes of TTI which are often non-uniform and redundant.

259 citations

Proceedings ArticleDOI
24 Oct 2016
TL;DR: The aim of MISP is to help in setting up preventive actions and counter-measures used against targeted attacks, and to enable detection via collaborative knowledge sharing about existing malware and other threats.
Abstract: The IT community is confronted with incidents of all kinds and nature; new threats appear on a daily basis. Fighting these security incidents individually is almost impossible. Sharing information about threats among the community has become a key element in incident response to stay on top of the attackers. Reliable information resources, providing credible information, are therefore essential to the IT community, or even at a broader scale, to intelligence communities or fraud detection groups. This paper presents the Malware Information Sharing Platform (MISP) and threat sharing project, a trusted platform that allows the collection and sharing of important indicators of compromise (IoC) of targeted attacks, but also threat information like vulnerabilities or financial indicators used in fraud cases. The aim of MISP is to help in setting up preventive actions and counter-measures used against targeted attacks, and to enable detection via collaborative knowledge sharing about existing malware and other threats.

166 citations


Cites background from "A Problem Shared is a Problem Halve..."

  • ...In [18], a survey on the implementation and organization of information sharing platforms was realized to discuss the overall dimension of information sharing....

Journal ArticleDOI
TL;DR: This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence.

113 citations

Journal ArticleDOI
TL;DR: This paper summarizes the knowledge and interpretation of Smart Cities (SC), Cyber Security (CS), and Deep Learning (DL) concepts as well as discussed existing related work on IoT security in smart cities.

106 citations

Journal ArticleDOI
TL;DR: From the experimental analysis, it is clear that the deep learning model improved the accuracy, scalability, reliability, and performance of the cybersecurity applications when applied in real time.

82 citations

References
Book ChapterDOI
TL;DR: This work constructs a formal game theoretic model of the peer-to-peer file sharing system, analyzing equilibria of user strategies under several novel payment mechanisms, and supports and extends this work with results from experiments with a multi-agent reinforcement learning model.
Abstract: We consider the free-rider problem in peer-to-peer file sharing networks such as Napster: that individual users are provided with no incentive for adding value to the network. We examine the design implications of the assumption that users will selfishly act to maximize their own rewards, by constructing a formal game theoretic model of the system and analyzing equilibria of user strategies under several novel payment mechanisms. We support and extend this work with results from experiments with a multi-agent reinforcement learning model.

256 citations


"A Problem Shared is a Problem Halve..." refers background in this paper

  • ...However, a major prerequisite to this is the creation of trust (Abrams et al., 2003; Golle et al., 2001; Skopik et al., 2010) among involved parties, specifically when it comes to the sharing of security-sensitive information (Fernandez Vazquez et al., 2012)....

  • ...These issues have been extensively studied in the literature (cf. Abrams et al., 2003; Fernandez Vazquez et al., 2012; Golle et al., 2001; Parameswaran et al., 2001; Skopik and Li, 2013) and are thus omitted here for the sake of brevity....

Journal ArticleDOI
TL;DR: The paper discusses the advantages of P2P networks: load balancing; dynamic information repositories; fault tolerance; content-based addressing and improved searches; and the disadvantages of P2P.
Abstract: Peer-to-peer networking offers unique advantages that will make it a more effective alternative to several existing client-server e-commerce applications, if it can mature into a secure and reliable technology. The paper discusses the advantages of P2P networks: load balancing; dynamic information repositories; fault tolerance; content-based addressing and improved searches. It also considers the disadvantages of P2P.

247 citations

Proceedings ArticleDOI
02 Sep 2013
TL;DR: A technical analysis of Stuxnet, Duqu, Flame and Red October is performed, highlighting particular characteristics and identifying common patterns and techniques, and proposing technical countermeasures for strengthening defenses against similar threats.
Abstract: As both the number and the complexity of cyber-attacks continuously increase, it is becoming evident that current security mechanisms have limited success in detecting sophisticated threats. Stuxnet, Duqu, Flame and Red October have troubled the security community due to their severe complexity and their ability to evade detection - in some cases for several years. The significant technical and financial resources needed for orchestrating such complex attacks are a clear indication that perpetrators are well organized and, likely, working under a state umbrella. In this paper we perform a technical analysis of these advanced persistent threats, highlighting particular characteristics and identifying common patterns and techniques. We also focus on the issues that enabled the malware authors to evade detection from a wide range of security solutions and propose technical countermeasures for strengthening our defenses against similar threats.

172 citations


"A Problem Shared is a Problem Halve..." refers background in this paper

  • ...Consequently, new paradigms are required for detecting and mitigating these kinds of attack (Virvilis and Gritzalis, 2013), and eventually to establish situational awareness (Jajodia et al., 2010; Sarter and Woods, 1991; Tadda et al., 2006)....

Proceedings ArticleDOI
22 May 2011
TL;DR: This paper presents the first solution for disabling digital, design-level hardware backdoors by scrambling inputs that are supplied to the hardware units at runtime, making it infeasible for malicious components to acquire the information they need to perform malicious actions.
Abstract: Hardware components can contain hidden backdoors, which can be enabled with catastrophic effects or for ill-gotten profit. These backdoors can be inserted by a malicious insider on the design team or a third-party IP provider. In this paper, we propose techniques that allow us to build trustworthy hardware systems from components designed by untrusted designers or procured from untrusted third-party IP providers. We present the first solution for disabling digital, design-level hardware backdoors. The principle is that rather than try to discover the malicious logic in the design -- an extremely hard problem -- we make the backdoor design problem itself intractable to the attacker. The key idea is to scramble inputs that are supplied to the hardware units at runtime, making it infeasible for malicious components to acquire the information they need to perform malicious actions. We show that the proposed techniques cover the attack space of deterministic, digital HDL backdoors, provide probabilistic security guarantees, and can be applied to a wide variety of hardware components. Our evaluation with the SPEC 2006 benchmarks shows negligible performance loss (less than 1% on average) and that our techniques can be integrated into contemporary microprocessor designs.

163 citations

ReportDOI
04 Oct 2016
TL;DR: This guidance helps organizations establish information sharing goals, identify cyber threat information sources, scope information sharing activities, develop rules that control the publication and distribution of threat information, engage with existing sharing communities, and make effective use of threat information in support of the organization's overall cybersecurity practices.

161 citations