Privacy-Friendly Collaboration for Cyber Threat Mitigation

In recent years, security solutions have increasingly focused on actively predicting future attacks. Since prediction accuracy can improve with more information about the attackers, sharing securityrelevant data among organizations is often being advocated. However, collaborative security approaches are rarely implemented due to related trust, privacy, and liability concerns. In this paper, we explore a novel approach to collaborative threat mitigation where organizations estimate the benefits of data sharing with potential partners in a privacy-preserving way (i.e., without actually disclosing their dataset). Data sharing then occurs securely within coalitions of allied organizations. We focus on collaborative predictive blacklisting, i.e., predicting sources of future attacks based on both one’s own data and that of a few selected partners. We study how different collaboration strategies affect prediction accuracy by experimenting on a real-world dataset of 2 billion IP addresses and observe up to a 105% improvement.