A Reputation-based Approach using Consortium Blockchain for Cyber Threat Intelligence Sharing

The CTI (Cyber Threat Intelligence) sharing and exchange is an effective method to improve the responsiveness of the protection party. Blockchain technology enables sharing collaboration consortium to conduct a trusted CTI sharing and exchange without a trusted centralized institution. However, the distributed connectivity of the blockchain-based CTI sharing model proposed before exposes the systems into byzantine attacks, the compromised members of partner organizations will further decrease the accuracy and trust level of CTI by generating false reporting. To address the unbalance issues of performance in speed, scalability and security, this paper proposes a new blockchain-based CTI model, which combines consortium blockchain and distributed reputation management systems to achieve automated analysis and response of tactical threat intelligence. In addition, the novel consensus algorithm of consortium blockchain that is fit for CTI sharing and exchange introduced in this paper. The new consensus algorithm is called 'Proof-of Reputation' (PoR) consensus, which meets the requirements of transaction rate and makes the consensus in a creditable network environment through constructing a reputation model. Finally, the effectiveness and security performance of the proposed model and consensus algorithm is verified by experiments.