A Blackboard Sharing Mechanism for Community Cyber Threat Intelligence Based on Multi-Agent System

  • Yue Lin
  • He Wang
  • Bowen Yang
  • Mingrui Liu
  • Yin Li
  • Yuqing Zhang (Email author)
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11806)

Abstract

As the confrontation between cyber attack and defense intensifies, there is a natural asymmetry between offense and defense. A Cyber Threat Intelligence (CTI) sharing mechanism is an effective means of improving the emergency-response ability of the defending party. However, there are currently no effective sharing schemes in the community network to facilitate cross-sector threat intelligence sharing. This paper presents a collaborative threat intelligence sharing mechanism based on the blackboard model, which can be used to identify potential risks, prevent cyber attacks at an early stage, and facilitate community incident response. Following the China National Standard “Cyber security threat information format”, we divide threat intelligence sharing into routine and attack-specific threat intelligence sharing. We also design an attack-specific threat intelligence sharing module based on the blackboard model and describe the sharing process. Finally, we design the blackboard monitoring mechanism as a Multi-Agent System (MAS) to realize many tasks in the sharing process. Our scheme is illustrated by several CTI sharing scenarios in the community.

Keywords

CTI; Threat intelligence sharing; Blackboard; Monitoring mechanism; MAS

Notes

Acknowledgements

The National Key R&D Program China (2018YFB0804701), The National Natural Science Foundation of China (No. U1836210, No. 61572460), The Open Project Program of The State Key Laboratory of Information Security (2017-ZD-01), The National Information Security Special Projects of National Development and Reform Commission of China [(2012)1424].

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Yue Lin (1, 2)
  • He Wang (1, 2)
  • Bowen Yang (1, 2)
  • Mingrui Liu (1, 2)
  • Yin Li (1, 2)
  • Yuqing Zhang (1, 2) (Email author)
  1. School of Cyber Engineering, Xidian University, Xi’an, China
  2. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China