14,576 research outputs found
Controlled Data Sharing for Collaborative Predictive Blacklisting
Although sharing data across organizations is often advocated as a promising
way to enhance cybersecurity, collaborative initiatives are rarely put into
practice owing to confidentiality, trust, and liability challenges. In this
paper, we investigate whether collaborative threat mitigation can be realized
via a controlled data sharing approach, whereby organizations make informed
decisions as to whether or not, and how much, to share. Using appropriate
cryptographic tools, entities can estimate the benefits of collaboration and
agree on what to share in a privacy-preserving way, without having to disclose
their datasets. We focus on collaborative predictive blacklisting, i.e.,
forecasting attack sources based on one's logs and those contributed by other
organizations. We study the impact of different sharing strategies by
experimenting on a real-world dataset of two billion suspicious IP addresses
collected from Dshield over two months. We find that controlled data sharing
yields up to 105% accuracy improvement on average, while also reducing the
false positive rate.Comment: A preliminary version of this paper appears in DIMVA 2015. This is
the full version. arXiv admin note: substantial text overlap with
arXiv:1403.212
TRIDEnT: Building Decentralized Incentives for Collaborative Security
Sophisticated mass attacks, especially when exploiting zero-day
vulnerabilities, have the potential to cause destructive damage to
organizations and critical infrastructure. To timely detect and contain such
attacks, collaboration among the defenders is critical. By correlating
real-time detection information (alerts) from multiple sources (collaborative
intrusion detection), defenders can detect attacks and take the appropriate
defensive measures in time. However, although the technical tools to facilitate
collaboration exist, real-world adoption of such collaborative security
mechanisms is still underwhelming. This is largely due to a lack of trust and
participation incentives for companies and organizations. This paper proposes
TRIDEnT, a novel collaborative platform that aims to enable and incentivize
parties to exchange network alert data, thus increasing their overall detection
capabilities. TRIDEnT allows parties that may be in a competitive relationship,
to selectively advertise, sell and acquire security alerts in the form of
(near) real-time peer-to-peer streams. To validate the basic principles behind
TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is
of independent interest, and show that collaboration is bound to take place
infinitely often. Furthermore, to demonstrate the feasibility of our approach,
we instantiate our design in a decentralized manner using Ethereum smart
contracts and provide a fully functional prototype.Comment: 28 page
Privacy-Friendly Collaboration for Cyber Threat Mitigation
Sharing of security data across organizational boundaries has often been
advocated as a promising way to enhance cyber threat mitigation. However,
collaborative security faces a number of important challenges, including
privacy, trust, and liability concerns with the potential disclosure of
sensitive data. In this paper, we focus on data sharing for predictive
blacklisting, i.e., forecasting attack sources based on past attack
information. We propose a novel privacy-enhanced data sharing approach in which
organizations estimate collaboration benefits without disclosing their
datasets, organize into coalitions of allied organizations, and securely share
data within these coalitions. We study how different partner selection
strategies affect prediction accuracy by experimenting on a real-world dataset
of 2 billion IP addresses and observe up to a 105% prediction improvement.Comment: This paper has been withdrawn as it has been superseded by
arXiv:1502.0533
- …