Efficient Private Analytics in a Cybersecurity Threat Intelligence Exchange
Cyber threat intelligence (CTI) sharing has become increasingly important as a technique to mitigate cyber threats and attacks. Data breaches often share common indicators and CTI sharing allows organizations to learn from shortcomings and improve the overall state of cyber defense. However, data sharing can be seriously hindered by perceived privacy and security risk: threat data often reveals sensitive information about an organization’s IT assets, implying that organizations may need guarantees of anonymity to participate in an exchange. This research proposes a privacy-preserving system for fast and practical search over encrypted CTI data. Our design goals were to create an open and extensible system that safely utilized existing searchable encryption primitives. Our work is similar to, but improves upon, existing encrypted databases such as CryptDB. We show several novel security safeguards on encrypted CTI sharing, such as access-control by default, min-entropy measurement, and smart index selection and joining. We also show several performance enhancements that make our system efficient with multiple CTI contributors, particularly enabling data fusion across a variety of heterogeneous and unstructured data sources.