DOI: 10.1145/3341105.3374020
Research article

TRIDEnT: towards a decentralized threat indicator marketplace

Published: 30 March 2020

Abstract

Sophisticated mass attacks, especially those exploiting zero-day vulnerabilities, can cause destructive damage to organizations and critical infrastructure. To detect and contain such attacks in time, collaboration among defenders is critical. By correlating real-time detection information (threat indicators) from multiple sources, defenders can detect attacks and take appropriate measures in time. However, although the technical tools to facilitate collaboration exist, real-world adoption of such collaborative security mechanisms is still underwhelming, largely because companies and organizations lack trust in each other and incentives to participate. This paper proposes TRIDEnT, a novel collaborative platform that enables parties to exchange network threat indicators and thereby increase their overall detection capabilities. TRIDEnT allows parties that may be in a competitive relationship to selectively advertise, sell and acquire threat indicators in the form of (near) real-time peer-to-peer streams. To demonstrate the feasibility of our approach, we instantiate our design in a decentralized manner using Ethereum smart contracts and provide a fully functional prototype.
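The marketplace pattern the abstract describes (providers advertise indicator streams, buyers pay to acquire them, the ledger records the deal while the indicators themselves travel peer-to-peer) can be sketched as a minimal Ethereum contract. The contract below is an added illustration written for this page, not TRIDEnT's prototype or any code from the paper; the names (`IndicatorMarketplace`, `advertise`, `subscribe`, `isSubscribed`), the pull-payment design and the choice to keep only an off-chain endpoint and a price on-chain are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative threat-indicator stream marketplace (added example, not TRIDEnT code).
/// Only the catalogue, subscriptions and payments live on-chain. The indicator
/// stream itself is delivered peer-to-peer off-chain: the contract stores a
/// provider-supplied endpoint and a price, never the indicators, so detection
/// data does not end up on a public ledger.
contract IndicatorMarketplace {
    struct Stream {
        address provider;
        string endpoint;        // assumed: off-chain P2P endpoint, e.g. host:port
        uint256 pricePerPeriod; // wei charged per subscription period
        uint256 period;         // subscription period in seconds
        bool active;
    }

    uint256 public streamCount;
    mapping(uint256 => Stream) public streams;
    // subscriber => stream id => timestamp until which the subscription is valid
    mapping(address => mapping(uint256 => uint256)) public subscribedUntil;
    // pull payments: providers withdraw earnings instead of being paid inline
    mapping(address => uint256) public earnings;

    event StreamAdvertised(uint256 indexed id, address indexed provider, uint256 pricePerPeriod, uint256 period);
    event StreamDeactivated(uint256 indexed id);
    event Subscribed(uint256 indexed id, address indexed subscriber, uint256 until);

    /// A provider lists a stream. Anyone can list; buyers decide whom to trust.
    function advertise(string calldata endpoint, uint256 pricePerPeriod, uint256 period)
        external
        returns (uint256 id)
    {
        require(period > 0, "period must be positive");
        id = streamCount++;
        streams[id] = Stream(msg.sender, endpoint, pricePerPeriod, period, true);
        emit StreamAdvertised(id, msg.sender, pricePerPeriod, period);
    }

    /// The provider stops selling a stream; existing subscriptions run to expiry.
    function deactivate(uint256 id) external {
        Stream storage s = streams[id];
        require(msg.sender == s.provider, "not the provider");
        s.active = false;
        emit StreamDeactivated(id);
    }

    /// A buyer pays exactly one period's price; renewing an unexpired
    /// subscription extends it from its current expiry, not from now.
    function subscribe(uint256 id) external payable {
        Stream storage s = streams[id];
        require(s.active, "stream not active");
        require(msg.value == s.pricePerPeriod, "wrong payment amount");
        uint256 current = subscribedUntil[msg.sender][id];
        uint256 start = current > block.timestamp ? current : block.timestamp;
        uint256 until = start + s.period;
        subscribedUntil[msg.sender][id] = until;
        earnings[s.provider] += msg.value;
        emit Subscribed(id, msg.sender, until);
    }

    /// Providers collect accumulated payments. State is zeroed before the
    /// external call (checks-effects-interactions), so re-entry cannot double-pay.
    function withdrawEarnings() external {
        uint256 amount = earnings[msg.sender];
        require(amount > 0, "nothing to withdraw");
        earnings[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    /// Off-chain check for the provider's stream server: once a connecting peer
    /// has proven control of `who` (assumed: by signing a fresh server nonce),
    /// serve the stream only while this returns true.
    function isSubscribed(address who, uint256 id) external view returns (bool) {
        return subscribedUntil[who][id] >= block.timestamp;
    }
}
```

Two practical caveats follow from this design. The `endpoint` string is provider-controlled input for every buyer's client, so the client should validate it (scheme, host, port) before connecting rather than passing it straight to a socket or HTTP library. And because the ledger only proves that a subscription was paid for, not that the stream delivered anything useful, the trust and incentive problem the abstract raises has to be handled by whatever reputation or quality signal sits on top of this record; the contract alone does not solve it.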


Cited By

  • (2022) A Reliable IDS System Using Blockchain for SDN-Enabled IIoT Systems. Research Anthology on Convergence of Blockchain, Internet of Things, and Security, ch. 39, 721-737. DOI: 10.4018/978-1-6684-7132-6.ch039. Online publication date: 8 Jul 2022.
  • (2021) A Reliable IDS System Using Blockchain for SDN-Enabled IIoT Systems. IoT Protocols and Applications for Improving Industry, Environment, and Society, ch. 8, 173-194. DOI: 10.4018/978-1-7998-6463-9.ch008. Online publication date: 2021.
  • (2021) Cyber Threat Intelligence Sharing. Encyclopedia of Cryptography, Security and Privacy, 1-3. DOI: 10.1007/978-3-642-27739-9_1717-1. Online publication date: 17 Feb 2021.

      Published In

      SAC '20: Proceedings of the 35th Annual ACM Symposium on Applied Computing
      March 2020
      2348 pages
      ISBN:9781450368667
      DOI:10.1145/3341105
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Ethereum
      2. collaborative security
      3. smart contracts
      4. threat indicator sharing
      5. trust

      Qualifiers

      • Research-article

      Funding Sources

      • Hessisches Ministerium für Wissenschaft und Kunst
      • Bundesministerium für Bildung und Forschung

      Conference

      SAC '20: The 35th ACM/SIGAPP Symposium on Applied Computing
      March 30 - April 3, 2020
      Brno, Czech Republic

      Acceptance Rates

      Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

      Article Metrics

      • Downloads (last 12 months): 13
      • Downloads (last 6 weeks): 2
      Reflects downloads up to 30 Aug 2024

