Observatorio de I+D+i UPM

| Otras actividades
HOME

Proyectos Internacionales Art�culos Patentes UPM Software UPM Empresas UPM Otras actividades Memorias de investigaci�n

Memorias de investigación

Art�culos en revistas:

Cybersecurity Threat Intelligence Knowledge Exchange based on blockchain

A�o:2019

�reas de investigaci�n

Ingenier�as,
Tecnolog�a electr�nica y de las comunicaciones,
Ciencias de la computaci�n y tecnolog�a inform�tica,
Sistema inform�tico,
Tratamiento de datos

Datos

Descripci�n
Although cyber threat intelligence (CTI) exchange is a theoretically useful technique for improving security of a society, the potential participants are often reluctant to share their CTI and prefer to consume only, at least in voluntary based approaches. Such behavior destroys the idea of information exchange. On the other hand, governments are forcing specific entities and operators to report them specific incidents depending on their impact, otherwise there could be sanctions to those operators which are not reporting them on time. Obligations and sanctions are usually discouraging participants to share information voluntarily which will just share and report what is strictly required. We propose a paradigm shift of cybersecurity information exchange by introducing a new way to encourage all participants involved, at all levels, to share relevant information dynamically. It will also contribute to the support and deployment of Dynamic Risk Management (DRM) frameworks to keep risks under an acceptance level along the time. Participants will have new and specific incentives to share, invest and consume threat intelligence and risk intelligence information depending on their different roles (producers, consumers, investors, donors and owner). Our proposal leverages from standards like Structured Threat Information Exchange (STIX), as well as W3C semantic web standards to enable a workspace of knowledge related to behavioral threat intelligence patterning to characterize tactics, techniques and procedures (TTP). At the same time, we propose an Ethereum Blockchain Smart contract Marketplace to better incentivize the sharing of that knowledge between all parties involved as well as creating a standard CTI token as a digital asset with a promising value in the market. Simulations and an experimentation were performed to demonstrate its benefits and incentives, but also its potential limits with regard to storage and cost of transactions.
Internacional	Si
JCR del ISI	Si
T�tulo de la revista	Telecommunication Systems
ISSN	1018-4864
Factor de impacto JCR	1,527
Informaci�n de impacto	Datos JCR del a�o 2017
Volumen
DOI
N�mero de revista
Desde la p�gina	1
Hasta la p�gina	30
Mes	SIN MES
Ranking

Ver publicaci�n en Archivo digital upm

Esta actividad pertenece a memorias de investigaci�n

Participantes

Autor: Raul Riesco Granadino UPM
Autor: Xavier Andres Larriva Novo UPM
Autor: Victor Abraham Villagra Gonzalez UPM

Grupos de investigaci�n, Departamentos, Centros e Institutos de I+D+i relacionados

Creador: Grupo de Investigaci�n: Redes y Servicios de Telecomunicaci�n e Internet
Departamento: Ingenier�a de Sistemas Telem�ticos
Centro o Instituto I+D+i: Centro de I+d+i en Procesado de la Informaci�n y Telecomunicaciones