Beyond Free Riding: Quality of Indicators for Assessing Participation in Information Sharing for Threat Intelligence
نویسندگان
چکیده
Threat intelligence sharing has become a growing concept, whereby entities can exchange patterns of threats with each other, in the form of indicators, to a community of trust for threat analysis and incident response. However, sharing threat-related information have posed various risks to an organization that pertains to its security, privacy, and competitiveness. Given the coinciding benefits and risks of threat information sharing, some entities have adopted an elusive behavior of “free-riding” so that they can acquire the benefits of sharing without contributing much to the community. So far, understanding the effectiveness of sharing has been viewed from the perspective of the amount of information exchanged as opposed to its quality. In this paper, we introduce the notion of quality of indicators (QoI) for the assessment of the level of contribution by participants in information sharing for threat intelligence. We exemplify this notion through various metrics, including correctness, relevance, utility, and uniqueness of indicators. In order to realize the notion of QoI, we conducted an empirical study and taken a benchmark approach to define quality metrics, then we obtained a reference dataset and utilized tools from the machine learning literature for quality assessment. We compared these results against a model that only considers the volume of information as a metric for contribution, and unveiled various interesting observations, including the ability to spot low quality contributions that are synonym to free riding in threat information sharing.
منابع مشابه
Coordination of Information Sharing and Cooperative Advertising in a Decentralized Supply Chain with Competing Retailers Considering Free Riding Behavior
This paper studies a decentralized supply chain in which a manufacturer sells a common generic product through two traditional and online retailers under free riding market. We assume that the traditional retailer provides the value added services but the online retailer does not. Factors such as retail prices, local advertising of the retailers, global advertising of the manufacturer and servi...
متن کاملRethinking Information Sharing for Actionable Threat Intelligence
In the past decade, the information security and threat landscape has grown significantly making it difficult for a single defender to defend against all attacks at the same time. This called for introducing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators a...
متن کاملDecaying Indicators of Compromise
The steady increase in the volume of indicators of compromise (IoC) as well as their volatile nature makes their processing challenging. Once compromised infrastructures are cleaned up, threat actors are moving to on to other target infrastructures or simply changing attack strategies. To ease the evaluation of IoCs as well as to harness the combined analysis capabilities, threat intelligence s...
متن کاملAssessing the Quality of General Medicine Curriculum in Baqiyatallah University Based on Iranian National and WFME Global Standards
Introduction: This study embarked on the evaluation of the quality of curriculum of general medicine in Baqiyatallah University based on Iranian national and WFME global standards. Method: A survey study was designed using a valid and reliable questionnaire based on Basic Standards for undergraduate general medicine curriculum in Iran as well as WFME standards. Data were collected from faculty...
متن کاملPinocchio: Incentives for Honest Participation in Distributed Trust Management
In this paper, we introduce a framework for providing incentives for honest participation in global-scale distributed trust management infrastructures. Our system can improve the quality of information supplied by these systems by reducing free-riding and encouraging honesty. Our approach is twofold: (1) we provide rewards for participants that advertise their experiences to others, and (2) imp...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1702.00552 شماره
صفحات -
تاریخ انتشار 2017