Privacy-Friendly Collaboration for Cyber Threat Mitigation

Sharing of security data across organizational boundaries has often been advocated as a promising way to enhance cyber threat mitigation. However, collaborative security faces a number of important challenges, including privacy, trust, and liability concerns with the potential disclosure of sensitive data. In this paper, we focus on data sharing for predictive blacklisting, i.e., forecasting attack sources based on past attack information. We propose a novel privacy-enhanced data sharing approach in which organizations estimate collaboration benefits without disclosing their datasets, organize into coalitions of allied organizations, and securely share data within these coalitions. We study how different partner selection strategies affect prediction accuracy by experimenting on a real-world dataset of 2 billion IP addresses and observe up to a 105% prediction improvement.Comment: This paper has been withdrawn as it has been superseded by arXiv:1502.0533

TRIDEnT: Building Decentralized Incentives for Collaborative Security

Sophisticated mass attacks, especially when exploiting zero-day vulnerabilities, have the potential to cause destructive damage to organizations and critical infrastructure. To timely detect and contain such attacks, collaboration among the defenders is critical. By correlating real-time detection information (alerts) from multiple sources (collaborative intrusion detection), defenders can detect attacks and take the appropriate defensive measures in time. However, although the technical tools to facilitate collaboration exist, real-world adoption of such collaborative security mechanisms is still underwhelming. This is largely due to a lack of trust and participation incentives for companies and organizations. This paper proposes TRIDEnT, a novel collaborative platform that aims to enable and incentivize parties to exchange network alert data, thus increasing their overall detection capabilities. TRIDEnT allows parties that may be in a competitive relationship, to selectively advertise, sell and acquire security alerts in the form of (near) real-time peer-to-peer streams. To validate the basic principles behind TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is of independent interest, and show that collaboration is bound to take place infinitely often. Furthermore, to demonstrate the feasibility of our approach, we instantiate our design in a decentralized manner using Ethereum smart contracts and provide a fully functional prototype.Comment: 28 page

SciTech News Volume 71, No. 1 (2017)

Columns and Reports From the Editor 3 Division News Science-Technology Division 5 Chemistry Division 8 Engineering Division Aerospace Section of the Engineering Division 9 Architecture, Building Engineering, Construction and Design Section of the Engineering Division 11 Reviews Sci-Tech Book News Reviews 12 Advertisements IEEE

Between Scylla and Charybdis: Environmental governance and illegibility in the American West

In The Odyssey, Odysseus and his crew must navigate the Strait of Messina between two great hazards: the six-headed monster Scylla on one side, and the whirlpool Charybdis on the other. This conceit here guides a critical engagement with scientific knowledge and state power, grounded in the positionality and practices of government agents charged with the management of controversial species and processes in the American West. Based in ethnographic and archival research on wolf-livestock conflict and public lands grazing in Central Idaho, I relate how agents with the U.S. Forest Service and Idaho Department of Fish and Game navigate conditions not of their own choosing. Sailing the “choppy seas” of complex systems and multiple-use mandates, with the “whirlpool” of cuts to capacity on one side and the “monster” of political controversy and litigation on the other, agents appear to collect less or more ambiguous information on their charges, resulting in a partial “blindness” or illegibility. Although a rational adaptation to unrealistic expectations, this ignorance is not bliss but rather symptom and source of dysfunction, limiting agents’ ability to carry out monitoring, collaboration, and effectively conduct on-the-ground management. Understanding patterns of illegibility requires that we attend both to broader contextual pressures and situated motivations. In so doing, we might account for the seeming disconnect between agencies’ stated aims and practices, complicate traditional assumptions of evidence-based scientific management and analyses of bureaucratic rationality and state power, and make sense of the apparent dysfunction around environmental governance in the American West today