Skip to main content
SpringerLink
Log in

A Blackboard Sharing Mechanism for Community Cyber Threat Intelligence Based on Multi-Agent System

  • Conference paper
  • First Online:
Book cover Machine Learning for Cyber Security (ML4CS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11806))

Included in the following conference series:

Abstract

In the process of increasing cybersecurity attack and defense confrontation, there is a natural asymmetry between the offensive and defense. The Cyber Threat Intelligence (CTI) sharing mechanism is an effective means to improve the emergency-response ability of the protection party. However, currently, there are no effective sharing schemes in the community network to facilitate cross-sector threat intelligence sharing. This paper presents a collaborative threat intelligence sharing mechanism based on the blackboard model, which can be used to identify potential risks, prevent cyber attacks at an early stage, and facilitate community incident response. According to the China National Standard “Cyber security threat information format”, we divide threat intelligence sharing into routine and attack-specific threat intelligence sharing. Also, we design an attack-specific threat intelligence sharing module based on the blackboard model and describe the sharing process. Finally, we design the blackboard monitoring mechanism as a Multi-Agent System (MAS) to realize many tasks in the sharing process. Our scheme is illustrated by several CTI sharing scenarios in the community.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.cert.org.cn; July 2019

References

  1. Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: De Decker, B., Zúquete, A. (eds.) CMS 2014. LNCS, vol. 8735, pp. 63–72. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44885-4_5

    Chapter  Google Scholar 

  2. Verizon: 2019 data breach investigations report. https://enterprise.verizon.com/resources/reports/dbir/

  3. Kaspersky: APT trends report Q1 2019. https://securelist.com/apt-trends-report-q1-2019/90643/

  4. Yang, P., Wu, Y., Cu, L., Liu, B.: Overview of threat intelligence sharing technologies in cyberspace. Comput. Sci. 45(6), 9–18 (2018). (in Chinese)

    Google Scholar 

  5. Zhao, W., White, G.: A collaborative information sharing framework for community cyber security. In: 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 457–462. IEEE (2012)

    Google Scholar 

  6. Zhao, W., White, G.: Designing a formal model facilitating collaborative information sharing for community cyber security. In: 2014 47th Hawaii International Conference on System Sciences, pp. 1987–1996. IEEE (2014)

    Google Scholar 

  7. Agarwal, R., Prasad, K.: A blackboard framework for the design of group decision support systems. Behav. Inf. Technol. 13(4), 277–284 (1994)

    Article  Google Scholar 

  8. Straub, J., Reza, H.: The use of the blackboard architecture for a decision making system for the control of craft with various actuator and movement capabilities. In: 2014 11th International Conference on Information Technology: New Generations, pp. 514–519. IEEE (2014)

    Google Scholar 

  9. Zhang, Y., Zhang, L., Du, Z.: Distributed blackboard decision-making framework for collaborative planning based on nested genetic algorithm. J. Syst. Eng. Electron. 26(6), 1236–1243 (2015)

    Article  Google Scholar 

  10. Liu, J., Zhang, Y.: A collaborative task decision-making method based on blackboard framework. Fire Control & Command Control 42(11), 43–48 (2017) (in Chinese)

    Google Scholar 

  11. Chu, H.D.: A blackboard-based decision support framework for testing client/server applications. In: 2012 Third World Congress on Software Engineering, pp. 131–135. IEEE (2012)

    Google Scholar 

  12. Herold, N., Kinkelin, H., Carle, G.: Collaborative incident handling based on the blackboard-pattern. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 25–34. ACM (2016)

    Google Scholar 

  13. Silva, O., Garcia, A., Lucena, C.: The reflective blackboard pattern: architecting large multi-agent systems. In: Garcia, A., Lucena, C., Zambonelli, F., Omicini, A., Castro, J. (eds.) SELMAS 2002. LNCS, vol. 2603, pp. 73–93. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-35828-5_5

    Chapter  MATH  Google Scholar 

  14. He, L., Li, G., Xing, L., Chen, Y.: An autonomous multi-sensor satellite system based on multi-agent blackboard model autonomiczny wieloczujnikowy system satelitarny oparty na wieloagentowym modelu tablicowym. EKSPLOATACJA I NIEZAWODNOSC 19(3), 447 (2017)

    Article  Google Scholar 

  15. Jurado, F., Redondo, M.A., Ortega, M.: Blackboard architecture to integrate components and agents in heterogeneous distributed elearning systems: an application for learning to program. J. Syst. Softw. 85(7), 1621–1636 (2012)

    Article  Google Scholar 

  16. Huang, M.J., Chiang, H.K., Wu, P.F., Hsieh, Y.J.: A multi-strategy machine learning student modeling for intelligent tutoring systems: based on blackboard approach. Library Hi Tech 31(2), 274–293 (2013)

    Article  Google Scholar 

  17. Prem Kumar, G.: Integrated network management using extended blackboard architecture. Ph.D. thesis (2013)

    Google Scholar 

  18. US DHS Cyber Security R&D Center: a roadmap for cybersecurity research. Technical report, DHS (2009)

    Google Scholar 

  19. ENISA: Practical guide/roadmap for a suitable channel for secure communication: secure communication with the certs & other stakeholders. Technical report, ENISA (2011)

    Google Scholar 

  20. Kampanakis, P.: Security automation and threat information-sharing options. IEEE Secur. Priv. 12(5), 42–51 (2014)

    Article  Google Scholar 

  21. Vázquez, D.F., Acosta, O.P., Spirito, C., Brown, S., Reid, E.: Conceptual framework for cyber defense information sharing within trust relationships. In: 2012 4th International Conference on Cyber Conflict, CYCON 2012, pp. 1–17. IEEE (2012)

    Google Scholar 

  22. Haass, J.C., Ahn, G.J., Grimmelmann, F.: ACTRA: a case study for threat information sharing. In: Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security, pp. 23–26. ACM (2015)

    Google Scholar 

  23. Sandhu, R., Krishnan, R., White, G.B.: Towards secure information sharing models for community cyber security. In: 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom 2010, pp. 1–6. IEEE (2010)

    Google Scholar 

  24. Serrano, O., Dandurand, L., Brown, S.: On the design of a cyber security data sharing system. In: Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security, pp. 61–69. ACM (2014)

    Google Scholar 

  25. Skopik, F., Settanni, G., Fiedler, R.: A problem shared is a problem halved: a survey on the dimensions of collective cyber defense through security information sharing. Comput. Secur. 60, 154–176 (2016)

    Article  Google Scholar 

  26. Goodwin, C., et al.: A framework for cybersecurity information sharing and risk reduction. Microsoft (2015)

    Google Scholar 

  27. Mutemwa, M., Mtsweni, J., Mkhonto, N.: Developing a cyber threat intelligence sharing platform for South African organisations. In: 2017 Conference on Information Communication Technology and Society (ICTAS), pp. 1–6. IEEE (2017)

    Google Scholar 

  28. Wagner, C., Dulaunoy, A., Wagener, G., Iklody, A.: MISP: the design and implementation of a collaborative threat intelligence sharing platform. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 49–56. ACM (2016)

    Google Scholar 

  29. Johnson, C., Badger, M., Waltermire, D., Snyder, J., Skorupka, C.: Guide to cyber threat information sharing. Technical report, National Institute of Standards and Technology (2016)

    Google Scholar 

  30. Bedrijfsrevisoren, D., De Muynck, J., Portesi, S.: Cyber security information sharing: an overview of regulatory and non-regulatory approaches. ENISA (2015)

    Google Scholar 

  31. Hayes-Roth, B.: A blackboard architecture for control. Artif. intell. 26(3), 251–321 (1985)

    Article  Google Scholar 

  32. Waterman, D.: A Guide to Expert Systems. Pearson, London (1986)

    Google Scholar 

  33. Cai, L., et al.: Information security technology-Cyber security threat information format. Technical report, China Electronics Standardization Institute (2018)

    Google Scholar 

  34. Zhang, B.: Research on multi-agent system and its classical problems. http://bokekeji.blogchina.com/3046743.html

  35. Krishnan, R., Niu, J., Sandhu, R., Winsborough, W.H.: Group-centric secure information-sharing models for isolated groups. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(3), 23 (2011)

    Article  Google Scholar 

Download references

Acknowledgements

The National Key R&D Program China (2018YFB0804701), The National Natural Science Foundation of China (No. U1836210,No. 61572460), The Open Project Program of The State Key Laboratory of Information Security (2017-ZD-01), The National Information Security Special Projects of National Development and Reform Commission of China [(2012)1424].

Author information

Authors and Affiliations

  1. School of Cyber Engineering, Xidian University, Xi’an, Shaanxi, China

    Yue Lin, He Wang, Bowen Yang, Mingrui Liu, Yin Li & Yuqing Zhang

  2. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China

    Yue Lin, He Wang, Bowen Yang, Mingrui Liu, Yin Li & Yuqing Zhang

Authors
  1. Yue Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. He Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bowen Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mingrui Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yin Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yuqing Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yuqing Zhang .

Editor information

Editors and Affiliations

  1. Xidian University, Xi’an, China

    Xiaofeng Chen

  2. Fujian Normal University, Fuzhou, China

    Xinyi Huang

  3. Swinburne University of Technology, Hawthorn, VIC, Australia

    Jun Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lin, Y., Wang, H., Yang, B., Liu, M., Li, Y., Zhang, Y. (2019). A Blackboard Sharing Mechanism for Community Cyber Threat Intelligence Based on Multi-Agent System. In: Chen, X., Huang, X., Zhang, J. (eds) Machine Learning for Cyber Security. ML4CS 2019. Lecture Notes in Computer Science(), vol 11806. Springer, Cham. https://doi.org/10.1007/978-3-030-30619-9_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-30619-9_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30618-2

  • Online ISBN: 978-3-030-30619-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation