SeCTIS: A Framework to Secure CTI Sharing

TL;DR

SeCTIS is a novel framework that combines Swarm Learning and Blockchain to enable privacy-preserving, trustworthy sharing of Cyber Threat Intelligence among organizations, enhancing security and collaboration.

Contribution

It introduces a secure CTI sharing framework using blockchain, Swarm Learning, and Zero Knowledge Proofs to ensure privacy, data quality, and participant trustworthiness.

Findings

Framework demonstrates correctness and performance in experiments

Provides mechanisms for data and model quality assessment

Shows robustness against various attack models

Abstract

The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. As a growing number of organizations include smart, interconnected devices in their systems to automate their processes, the attack surface becomes much bigger, and the complexity and frequency of attacks pose a significant threat. Consequently, organizations have been compelled to seek innovative approaches to mitigate the menaces inherent in their infrastructure. In response, considerable research efforts have been directed towards creating effective solutions for sharing Cyber Threat Intelligence (CTI). Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data. To tackle this problem, we designed a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing), integrating Swarm Learning and Blockchain technologies to enable businesses to collaborate, preserving the privacy of their CTI data. Moreover, our approach provides a way to assess the data and model quality, and the trustworthiness of all the participants leveraging some validators through Zero Knowledge Proofs. An extensive experimental campaign demonstrates our framework's correctness and performance, and the detailed attack model discusses its robustness against attacks in the context of data and model quality.