Privacy-Friendly Collaboration for Cyber Threat Mitigation
This paper addresses privacy and trust issues for organizations sharing security data, though the contribution is incremental, as it builds on existing predictive blacklisting methods.
The paper tackles the problem of privacy concerns in collaborative cyber threat mitigation by proposing a privacy-enhanced data sharing approach for predictive blacklisting, resulting in up to a 105% improvement in prediction accuracy on a real-world dataset of 2 billion IP addresses.
Sharing of security data across organizational boundaries has often been advocated as a promising way to enhance cyber threat mitigation. However, collaborative security faces a number of important challenges, including privacy, trust, and liability concerns with the potential disclosure of sensitive data. In this paper, we focus on data sharing for predictive blacklisting, i.e., forecasting attack sources based on past attack information. We propose a novel privacy-enhanced data sharing approach in which organizations estimate collaboration benefits without disclosing their datasets, organize into coalitions of allied organizations, and securely share data within these coalitions. We study how different partner selection strategies affect prediction accuracy by experimenting on a real-world dataset of 2 billion IP addresses and observe up to a 105% prediction improvement.