Privacy-Friendly Collaboration for Cyber Threat Mitigation
Julien Freudiger, Emiliano De Cristofaro, Alex Brito

TL;DR
This paper introduces a privacy-preserving collaborative approach for cyber threat prediction, enabling organizations to share data securely within coalitions, significantly improving attack source forecasting accuracy.
Contribution
It presents a novel privacy-enhanced data sharing method for predictive blacklisting, allowing organizations to collaborate without revealing sensitive data.
Findings
Up to 105% improvement in prediction accuracy
Effective partner selection strategies enhance collaboration benefits
Validated on a real-world dataset of 2 billion IP addresses
Abstract
Sharing of security data across organizational boundaries has often been advocated as a promising way to enhance cyber threat mitigation. However, collaborative security faces a number of important challenges, including privacy, trust, and liability concerns with the potential disclosure of sensitive data. In this paper, we focus on data sharing for predictive blacklisting, i.e., forecasting attack sources based on past attack information. We propose a novel privacy-enhanced data sharing approach in which organizations estimate collaboration benefits without disclosing their datasets, organize into coalitions of allied organizations, and securely share data within these coalitions. We study how different partner selection strategies affect prediction accuracy by experimenting on a real-world dataset of 2 billion IP addresses and observe up to a 105% prediction improvement.
Taxonomy
Topics: Network Security and Intrusion Detection · Complex Network Analysis Techniques · Cybercrime and Law Enforcement Studies
