Privacy-preserving correlation of threat events and attributes across producers and consumers.
Authors: Davy Preuveneers and Wouter Joosen / KU Leuven, DistriNet
Building upon our award-winning research in collaborative and privacy-preserving cyber threat intelligence at ARES 2022, we refined and enhanced our proof-of-concept solution; the results have been published in the Computers & Security journal.
This advancement serves as an important practical milestone, laying the foundation for our ongoing endeavors in the KINAITICS project. In the future, it will enable us to technically support the KINAITICS Threat Matrix in contemporary threat intelligence platforms. This validation is essential, as it will further strengthen our understanding of attacks targeting Artificial Intelligence and Cyber Physical Systems. Importantly, our approach emphasizes the delicate balance of managing sensitive and confidential information, while still obtaining actionable insights.
Davy Preuveneers, Wouter Joosen, Privacy-preserving correlation of cross-organizational cyber threat intelligence with private graph intersections, Computers & Security, Volume 135, 2023, 103505, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2023.103505.
Abstract: Sharing cyber threat intelligence is important because it allows organizations to stay ahead of new and emerging threats, prevent downtime and improve their overall security posture. Information about known vulnerabilities and post-mortem analyses of successful attacks is instrumental to make tactical decisions and implement adequate countermeasures. However, organizations are hesitant or cautious to share their locally collected cyber threat intelligence with third parties because of possible damage to the organization’s reputation, legal or liability concerns, or the risk that the information is used against them. In order to promote a collaborative cybersecurity environment that accommodates the varying confidentiality requirements of both threat intelligence producers and consumers, we introduce and assess a viable solution for preserving privacy while sharing and analyzing sensitive or confidential data. This solution is designed to work seamlessly with modern cyber threat intelligence platforms. Furthermore, we examine the security implications and computational impact associated with these techniques, enabling the analysis of correlations between threat events in a manner that respects confidentiality and extends across multiple organizations involved in information sharing.