Cybersecurity Information Exchange with Privacy (CYBEX-P) and TAHOE – A Cyberthreat Language

by   Farhan Sadique, et al.

Cybersecurity information sharing (CIS) is envisioned to protect organizations more effectively from advanced cyber attacks. However, a completely automated CIS platform is not widely adopted. The major challenges are: (1) the absence of a robust cyber threat language (CTL) and (2) the concerns over data privacy. This work introduces Cybersecurity Information Exchangewith Privacy (CYBEX-P), as a CIS framework, to tackle these challenges. CYBEX-P allows organizations to share heterogeneous data with granular, attribute based privacy control. It correlates the data to automatically generate intuitive reports and defensive rules. To achieve such versatility, we have developed TAHOE - a graph based CTL. TAHOE is a structure for storing,sharing and analyzing threat data. It also intrinsically correlates the data. We have further developed a universal Threat Data Query Language (TDQL). In this paper, we propose the system architecture for CYBEX-P. We then discuss its scalability and privacy features along with a use case of CYBEX-P providing Infrastructure as a Service (IaaS). We further introduce TAHOE TDQL as better alternatives to existing CTLs and formulate ThreatRank - an algorithm to detect new malicious even


page 5

page 6


TRADE: TRusted Anonymous Data Exchange: Threat Sharing Using Blockchain Technology

Cyber attacks are becoming more frequent and sophisticated, introducing ...

Finding the Sweet Spot for Data Anonymization: A Mechanism Design Perspective

Data sharing between different organizations is an essential process in ...

Automated Retrieval of ATT CK Tactics and Techniques for Cyber Threat Reports

Over the last years, threat intelligence sharing has steadily grown, lea...

A Cyber Threat Intelligence Management Platform for Industrial Environments

Developing intelligent, interoperable Cyber Threat Information (CTI) sha...

Leveraging Sharing Communities to Achieve Federated Learning for Cybersecurity

Automated cyber threat detection in computer networks is a major challen...

Emerging Privacy Issues and Solutions in Cyber-Enabled Sharing Services

Fast development of sharing services becomes a crucial part of the proce...

Please sign up or login with your details

Forgot password? Click here to reset