Cyber attacks are becoming more frequent and sophisticated, making it significantly harder for organizations to protect their systems and data from threat actors. Today, threat actors are highly motivated, persistent, and well-funded, and they operate in a coordinated manner to carry out a diversity of attacks using various sophisticated tactics, techniques, and procedures. Given the risks these threats present, it has become clear that organizations need to collaborate, share cyber threat information (CTI), and use it to improve their security posture. In this paper, we present TRADE -- TRusted Anonymous Data Exchange -- a collaborative, distributed, trusted, and anonymized CTI sharing platform based on blockchain technology. TRADE uses a blockchain-based access control framework designed to provide essential features and requirements to incentivize and encourage organizations to share threat intelligence information. In TRADE, organizations can fully control their data by defining sharing policies; these policies are enforced by smart contracts that control and manage CTI sharing in the network. TRADE allows organizations to preserve their anonymity while keeping them fully accountable for their actions in the network. Finally, TRADE can be easily integrated with existing threat intelligence exchange protocols, such as Trusted Automated Exchange of Intelligence Information (TAXII) and OpenDXL, thereby allowing fast and smooth technology adoption.