Cyber Threat Intelligence Sharing for Co-Operative Defense in Multi-Domain Entities
Soumya Purohit, R. Neupane, Naga Ramya Bhamidipati, Varsha Vakkavanthula, Songjie Wang, Matthew Rockey, P. Calyam
IEEE Transactions on Dependable and Secure Computing, vol. 20 1, pp. 4273-4290. Journal Article. Published 2023-09-01. Impact factor: 7.0 (JCR Q1, Computer Science, Hardware & Architecture). DOI: https://doi.org/10.1109/TDSC.2022.3214423
Citations: 3
Abstract
Cloud-hosted applications are prone to targeted attacks such as DDoS, advanced persistent threats, and cryptojacking, which threaten service availability. Recently, methods for threat information sharing and defense require cooperation and trust between multiple domains/entities. There is a need for mechanisms that establish distributed trust to allow for such a collective defense. In this paper, we present a novel threat intelligence sharing and defense system, namely “DefenseChain,” to allow organizations to have incentive-based and trustworthy cooperation to mitigate the impact of cyber attacks. Our solution approach features a consortium Blockchain platform and an economic model to obtain threat data and select suitable peers to help with attack detection and mitigation. We apply DefenseChain in the financial technology industry for an insurance claim processing use case to demonstrate the effectiveness of DefenseChain in a real-world application setting. Our evaluation experiments with the DefenseChain implementation are performed on an Open Cloud testbed with Hyperledger Composer and in a simulation environment. Our results show that the DefenseChain system overall performs better than state-of-the-art decision-making schemes in choosing the most appropriate detector and mitigator peers. Lastly, we validate how DefenseChain helps mitigate the threat risk of incidents relating to potential fraudulent insurance claims or cyber attacks.
About the journal:
The "IEEE Transactions on Dependable and Secure Computing (TDSC)" is a prestigious journal that publishes high-quality, peer-reviewed research in the field of computer science, specifically targeting the development of dependable and secure computing systems and networks. This journal is dedicated to exploring the fundamental principles, methodologies, and mechanisms that enable the design, modeling, and evaluation of systems that meet the required levels of reliability, security, and performance.
The scope of TDSC includes research on measurement, modeling, and simulation techniques that contribute to the understanding and improvement of system performance under various constraints. It also covers the foundations necessary for the joint evaluation, verification, and design of systems that balance performance, security, and dependability.
By publishing archival research results, TDSC aims to provide a valuable resource for researchers, engineers, and practitioners working in the areas of cybersecurity, fault tolerance, and system reliability. The journal's focus on cutting-edge research ensures that it remains at the forefront of advancements in the field, promoting the development of technologies that are critical for the functioning of modern, complex systems.