Cyber threat intelligence sharing technologies and threat sharing model using blockchain

Özdemir, Ahmet
The nature of threats in the cyber environment evolves day by day in response to the measures taken against them. Whereas amateur attacks by script kiddies were once the usual experience, more sophisticated and targeted attacks are now frequently encountered. Commonly used signature-based attack detection techniques, and threat information that stays within a single organization, are insufficient against dynamically changing, organized and targeted threats. Furthermore, as technology advances, computer networks are growing, the number and variety of interconnected devices are increasing and, as a consequence, the attack surface is expanding. As a result, it does not seem possible to mitigate all of the vulnerabilities that we encounter. A cyber attack is no longer a matter of ‘if’ but a matter of ‘when’. One of the newly developed approaches for detecting complex attacks is cyber threat intelligence sharing. Threat intelligence is evidence-based knowledge about a threat that supports decision-making. It has no value, however, if it is not disseminated. Organizations can increase their situational awareness of targeted cyber threats by sharing internal cyber threat information with trusted partners and integrating external cyber threat information with their security systems in real time. For timely intervention, however, a common language that allows the identification and sharing of threat information to be automated is crucial. To that end, various standards are being developed by many organizations and companies. In this study, the standards and tools developed for the representation and sharing of threat information are compared, and a new threat sharing model is developed using a permissioned blockchain.
Citation Formats
A. Özdemir, “Cyber threat intelligence sharing technologies and threat sharing model using blockchain,” M.S. - Master of Science, Middle East Technical University, 2021.