Abstract
As attack and defense confrontation in cybersecurity intensifies, there is a natural asymmetry between offense and defense. The Cyber Threat Intelligence (CTI) sharing mechanism is an effective means of improving the emergency-response ability of the defending party. However, there is currently no effective sharing scheme in the community network to facilitate cross-sector threat intelligence sharing. This paper presents a collaborative threat intelligence sharing mechanism based on the blackboard model, which can be used to identify potential risks, prevent cyber attacks at an early stage, and facilitate community incident response. Following the China National Standard “Cyber security threat information format”, we divide threat intelligence sharing into routine and attack-specific threat intelligence sharing. We also design an attack-specific threat intelligence sharing module based on the blackboard model and describe the sharing process. Finally, we design the blackboard monitoring mechanism as a Multi-Agent System (MAS) to carry out many of the tasks in the sharing process. We illustrate the scheme with several CTI sharing scenarios in the community.
Notes
1. https://www.cert.org.cn; July 2019
Acknowledgements
The National Key R&D Program China (2018YFB0804701), The National Natural Science Foundation of China (No. U1836210, No. 61572460), The Open Project Program of The State Key Laboratory of Information Security (2017-ZD-01), The National Information Security Special Projects of National Development and Reform Commission of China [(2012)1424].
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Lin, Y., Wang, H., Yang, B., Liu, M., Li, Y., Zhang, Y. (2019). A Blackboard Sharing Mechanism for Community Cyber Threat Intelligence Based on Multi-Agent System. In: Chen, X., Huang, X., Zhang, J. (eds) Machine Learning for Cyber Security. ML4CS 2019. Lecture Notes in Computer Science, vol 11806. Springer, Cham. https://doi.org/10.1007/978-3-030-30619-9_18
DOI: https://doi.org/10.1007/978-3-030-30619-9_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30618-2
Online ISBN: 978-3-030-30619-9
eBook Packages: Computer Science, Computer Science (R0)