Trusted Threat Intelligence Sharing in Practice and Performance Benchmarking through the Hyperledger Fabric Platform

Ali, Hisham; Ahmad, Jawad; Jaroucheh, Zakwan; Papadopoulos, Pavlos; Pitropakis, Nikolaos; Lo, Owen; Abramson, Will; Buchanan, William J.

doi:10.3390/e24101379

Trusted Threat Intelligence Sharing in Practice and Performance Benchmarking through the Hyperledger Fabric Platform

Ali, Hisham; Ahmad, Jawad; Jaroucheh, Zakwan; Papadopoulos, Pavlos; Pitropakis, Nikolaos; Lo, Owen; Abramson, Will; Buchanan, William J.

Authors

Hisham Ali H.Ali@napier.ac.uk
Student Experience

Dr Jawad Ahmad J.Ahmad@napier.ac.uk
Visiting Lecturer

Dr Zakwan Jaroucheh Z.Jaroucheh@napier.ac.uk
Associate Professor

Dr Pavlos Papadopoulos P.Papadopoulos@napier.ac.uk
Lecturer

Dr Nick Pitropakis N.Pitropakis@napier.ac.uk
Associate Professor

Dr Owen Lo O.Lo@napier.ac.uk
Senior Research Fellow

Will Abramson

Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor

Abstract

Historically, threat information sharing has relied on manual modelling and centralised network systems, which can be inefficient, insecure, and prone to errors. Alternatively, private blockchains are now widely used to address these issues and improve overall organisational security. An organisation’s vulnerabilities to attacks might change over time. It is utterly important to find a balance among a current threat, the potential countermeasures, their consequences and costs, and the estimation of the overall risk that this provides to the organisation. For enhancing organisational security and automation, applying threat intelligence technology is critical for detecting, classifying, analysing, and sharing new cyberattack tactics. Trusted partner organisations can then share newly identified threats to improve their defensive capabilities against unknown attacks. On this basis, organisations can help reduce the risk of a cyberattack by providing access to past and current cybersecurity events through blockchain smart contracts and the Interplanetary File System (IPFS). The suggested combination of technologies can make organisational systems more reliable and secure, improving system automation and data quality. This paper outlines a privacy-preserving mechanism for threat information sharing in a trusted way. It proposes a reliable and secure architecture for data automation, quality, and traceability based on the Hyperledger Fabric private-permissioned distributed ledger technology and the MITRE ATT&CK threat intelligence framework. This methodology can also be applied to combat intellectual property theft and industrial espionage.

Citation

Ali, H., Ahmad, J., Jaroucheh, Z., Papadopoulos, P., Pitropakis, N., Lo, O., Abramson, W., & Buchanan, W. J. (2022). Trusted Threat Intelligence Sharing in Practice and Performance Benchmarking through the Hyperledger Fabric Platform. Entropy, 24(10), Article 1379. https://doi.org/10.3390/e24101379

Journal Article Type	Article
Acceptance Date	Sep 21, 2022
Online Publication Date	Sep 28, 2022
Publication Date	2022
Deposit Date	Oct 1, 2022
Publicly Available Date	Jun 26, 2023
Journal	Entropy
Publisher	MDPI
Peer Reviewed	Peer Reviewed
Volume	24
Issue	10
Article Number	1379
DOI	https://doi.org/10.3390/e24101379
Keywords	blockchain; smart contract; Hyperledger Fabric; privacy-preserving; Interplanetary File System (IPFS); threat intelligence sharing; MITRE ATT&CK framework; cyber hunting
Public URL	http://researchrepository.napier.ac.uk/Output/2926461
Publisher URL	https://www.mdpi.com/1099-4300/24/10/1379/htm