Computer Science ›› 2018, Vol. 45 ›› Issue (6): 9-18.doi: 10.11896/j.issn.1002-137X.2018.06.002

• Surveys • Previous Articles     Next Articles

Overview of Threat Intelligence Sharing Technologies in Cyberspace

YANG Pei-an1,2, WU Yang1,3, SU Li-ya1,3, LIU Bao-xu1,3   

  1. University of Chinese Academy of Sciences,Beijing 100049,China1;
    Institute of High Energy Physics,Chinese Academy of Sciences,Beijing 100049,China2;
    Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China3
  • Received:2017-05-05 Online:2018-06-15 Published:2018-07-24

Abstract: Nowadays,new kinds of cyber-attacks,such as APT and DDoS,have lower concealment,lower attack cost and huge attack effect.These advantages can let them easily escape from the detection of traditional cyber-attack mea-sures.Cyber-space security situation is becoming more and more severe.The detection and prevention of these attacks have become much harder.CTI(Cyber Threat Intelligence) based network defence has been proved to be a promising strategy to address this problem.In this case,both academic and business circle have put many efforts on CTI analysis and sharing.This paper introduced the meaning and value of CTI.Then aiming at the sharing for threat intelligence,it studied and reviewed the works and developments in CTI sharing deeply.In the end,it looked ahead to the future study of CTI sharing.

Key words: Cyberspace security, Threat intelligence, Intelligence sharing, Data mining

CLC Number: 

  • TP309.2
[1]LI J H.Overview of the technologies of threat intelligence sen-sing,sharing and analysis in cyber space [J].Chinese Journal of Network and Information Security,2016,2(2):16-29.(in Chinese)
[2]MA M H,FANG T,WANG Y.Analysis and Enlightenment of US Cybersecurity Information Sharing Mechanism [J].Journal of Intelligence,2016,35(3):17-23.(in Chinese)
[4]SUN Z.The Attack and Defense Technology Research of Advanced Persistent Threat[D].Shanghai:Shanghai Jiao Tong University,2015.(in Chinese)
[5]CUI Y H,YAN L S,LI S F,et al.SD-Anti-DDoS:Fast and Efficient DDoS Defense in Software-Defined Networks [J].Journal of Network and Computer Applications,2016,68:65-79.
[6]YANG Z M,LI Q,LIU J R,et al.Research of Threat Intelligence Sharing and Using for Cyber Attack Attribution [J].Journal of Information Security Research,2015,1(1):31-36.(in Chinese)
杨泽明,李强,刘俊荣,等.面向攻击溯源的威胁情报共享利用研究 [J].信息安全研究,2015,1(1):31-36.
[8]BIANCO D J.The Pyramid of Pain:Intel-Driven Detection & Response to Increase Your Adversary’s Cost of Operations[EB/OL].
[9]FireEye.APT28:At the Center of the Storm [EB/OL].[2017-01-11].
[11]秉泽.“暗网”:你所不了解的互联网 [J].保密工作,2016(2):47-48.
[12]LI X.Research and Implementation of Identification for Tor Anonymous Communication Based on Meek[D].Beijing:Beijing Jiaotong University,2016.(in Chinese)
[14]OASIS Cyber Threat Intelligence (CTI) TC.About STIX[EB/OL] .
[15]OASIS Cyber Threat Intelligence (CTI) TC,The MITRE Corporation.TAXII 2.0 Draft 2[OL].
[16]OASIS Cyber Threat Intelligence (CTI) TC.CybOX 2.1[OL].[2014-01-23].
[17]BURGER E W,GOODMAN M D,KAMPANASKIS P,et al. Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies [C]//Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security (WISCS’14).New York:ACM,2014:51-60.
[18]LIAO X J,YUAN K,WANG X F,et al.Acing the IOC Game:Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16).New York:ACM,2016:755-766.
[19]MANDIANT.Sophisticated Indicators for the Modern Threat Landscape:An Introduction to OpenIOC[EB/OL].
[20]BROWN S,GOMMERS J,SERRANO O.From Cyber Security Information Sharing to Threat Management[C]//Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security.New York:ACM,2015:43-49.
[21]FIELD J,BANGHART S,WALTERMIRE D.Resource-Oriented Lightweight Information Exchange draft-ietf-mile-rolie-01[EB/OL].(2015-12-02).
[22]STEINBERGER J,SPEROTTO A,GOLLING M,et al.How to exchange security events Overview and evaluation of formats and protocols [C]//IFIP/IEEE International Symposium on Integrated Network Management.New York:IEEE,2015:261-269.
[23]STEINBERGER J,SPEROTTO A,BAIER H,et al.Collaborative attack mitigation and response:A survey[C]//IFIP/IEEE International Symposium on Integrated Network Management.New York:IEEE,2015:910-913.
[24]KAMPANAKIS P,PERROS H,BEYENE T.SDN-based solutions for Moving Target Defense network protection[C]//IEEE International Symposium on World of Wireless,Mobile and Multimedia Networks.New York: IEEE,2014:1-6.
[25]TAKAHASHI T,MIYAMOTO D.Structured cyber security information exchange for streamlining incident response operations[C]//NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium.New York:IEEE,2016:949-954.
[26]USSATH M,JAEGER D,FENG C,et al.Pushing the Limits of Cyber Threat Intelligence:Extending STIX to Support Complex Patterns[M]// Information Technology:New Generations.New York:Springer International Publishing,2016:25-44.
[27]USSATH M,FENG C,MEINEL C.Concept for a security investigation framework[C]//International Conference on New Technologies,Mobility and Security.New York:IEEE,2015:1-5.
[28]ASGARLI E,BURGER E.Semantic ontologies for cyber threat sharing standards[C]//2016 IEEE Symposium on Technologies for Homeland Security (HST).Waltham:IEEE,2016:1-6.
[29]ZHAO W,WHITE G.A collaborative information sharing framework for Community Cyber Security[C]//Homeland Security.New York:IEEE,2012:457-462.
[30]KAMPANAKIS P.Security Automation and Threat Information-Sharing Options [J].IEEE Security & Privacy Magazine,2014,12(5):42-51.
[31]VÁZQUEZ D F,ACOSTA O P,BROWN S,et al.Conceptual framework for cyber defense information sharing within trust relationships [M].New York:IEEE,2012.
[32]HAASS J C,AHN G J,GRIMMELMANN F.ACTRA:A Case Study for Threat Information Sharing[C]//Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security(WISCS 2015).New York:ACM,2015:23-26.
[33]SANDHU R,KRISHNAN R,WHITE G B.Towards Secure Information Sharing models for community Cyber Security[C]//International Conference on Collaborative Computing:Networking,Applications and Worksharing.New York:IEEE,2010:1-6.
[34]TOSH D,SENGUPTA S,KAMHOUA C A,et al.Establishing evolutionary game models for cyber security information exchange (CYBEX) [J/OL].Journal of Computer & System Scien-ces,
[35]KAMHOUA C,MARTIN A,TOSH D K,et al.Cyber-Threats Information Sharing in Cloud Computing:A Game Theoretic Approach[C]//IEEE CS Cloud.New York:IEEE,2015:382-389.
[36]GARRIDO-PELAZ R,PASTRANA S.Shall We Collaborate?:A Model to Analyse the Benefits of Information Sharing[C]//ACM on Workshop on Information Sharing and Collaborative Security.New York:ACM,2016:15-24.
[37]QIAN P,WU M,LIU Z.A Method on Homomorphic Encryption Privacy-preserving for Cloud Computing [J].Journal of Chinese Computer Systems,2015,36(4):840-844.(in Chinese)
[38]WANG S H,HAN Z J,CHEN D W,et al.New construction of secure range query on encrypted data in cloud computing [J].Journal of Communications,2015,36(2):33-41.(in Chinese)
王少辉,韩志杰,陈丹伟,等.云环境下安全密文区间检索方案的新设计 [J].通信学报,2015,36(2):33-41.
[39]CAI K,ZHANG M,FENG D G.Secure Range Query with Single Assertion on Encrypted Data [J].Chinese Journal of Computers,2011,34(11):2093-2103.(in Chinese)
[40]TIAN H B,HE J J,FU L Q.A Privacy Preserving Fair Contract Signing Protocol based on Block Chains [J].Journal of Cryptologic Research,2017,4(2):187-198.(in Chinese)
田海博,何杰杰,付利青.基于公开区块链的隐私保护公平合同签署协议 [J].密码学报,2017,4(2):187-198.
[41]SHEN X,PEI Q Q,LIU X F.Survey of block chain [J].Chinese Journal of Network and Information Security,2016,2(11):11-20.(in Chinese)
[42]LI Y,HE J B,LI J H,et al.Research of America Cyber Threat Intelligence Sharing Frameworks and Standers [J].Secrecy Scien-ce and Technology,2016(6):16-21.(in Chinese)
[43]LIN C X,XUE L M,HAN S.Analysis of the development and application of Network Security Threat Intelligence [J].Network Security Technology and Application,2016(6):12-13.(in Chinese)
[44]ZHANG Q,LI J H.Research on real time performance analysis of information sharing model based on publish-subscribe [J].Military Operations Research and Systems Engineering,2013,27(1):33-35.(in Chinese)
[45]JASPER S E U S.Cyber Threat Intelligence Sharing Frameworks[J].International Journal of Intelligence & Counterintelligence,2017,30(1):53-65.
[46]QAMAR S,ANWAR Z,RAHMAN M A,et al.Data-driven analytics for cyber-threat intelligence and information sharing [J].Computers & Security,2017,67:35-58.
[47]AGRAWAL R,EVFIMIEVSKI A,SRIKANT R.Information sharing across private databases[C]//Proceedings of the 2003 ACM SIGMOD International Conference on Management of Data.New York:ACM,2003:86-97.
[48]APPALA S,CAM-WINGET N,MCGREW D,et al.An Actionable Threat Intelligence system using a Publish-Subscribe communications model[C]//ACM Workshop on Information Sharing and Collaborative Security.New York:ACM,2015:61-70.
[49]DOG S E,TWEED A,ROUSE L R,et al.Strategic Cyber Threat Intelligence Sharing:A Case Study of IDS Logs[C]//International Conference on Computer Communication and Networks.New York:IEEE,2016:1-6.
[50]KSHETRI N.Recent US Cybersecurity Policy Initiatives:Challenges and Implications [J].Computer,2015,48(7):64-69.
[52]SILLABER C,SAUERWEIN C,MUSSMANN A,et al.Data Quality Challenges and Future Research Directions in Threat Intelligence Sharing Practice[C]//ACM on Workshop on Informa-tion Sharing and Collaborative Security.New York:ACM,2016:65-70.
[1] XU Hui-hui, YAN Hua. Relative Risk Degree Based Risk Factor Analysis Algorithm for Congenital Heart Disease in Children [J]. Computer Science, 2021, 48(6): 210-214.
[2] ZHANG Yan-jin, BAI Liang. Fast Symbolic Data Clustering Algorithm Based on Symbolic Relation Graph [J]. Computer Science, 2021, 48(4): 111-116.
[3] ZHANG Han-shuo, YANG Dong-ju. Technology Data Analysis Algorithm Based on Relational Graph [J]. Computer Science, 2021, 48(3): 174-179.
[4] ZOU Cheng-ming, CHEN De. Unsupervised Anomaly Detection Method for High-dimensional Big Data Analysis [J]. Computer Science, 2021, 48(2): 121-127.
[5] LIU Xiao-nan, SONG Hui-chao, WANG Hong, JIANG Duo, AN Jia-le. Survey on Improvement and Application of Grover Algorithm [J]. Computer Science, 2021, 48(10): 315-323.
[6] ZHANG Yu, LU Yi-hong, HUANG De-cai. Weighted Hesitant Fuzzy Clustering Based on Density Peaks [J]. Computer Science, 2021, 48(1): 145-151.
[7] YOU Lan, HAN Xue-wei, HE Zheng-wei, XIAO Si-yu, HE Du, PAN Xiao-meng. Improved Sequence-to-Sequence Model for Short-term Vessel Trajectory Prediction Using AIS Data Streams [J]. Computer Science, 2020, 47(9): 169-174.
[8] ZHANG Su-mei and ZHANG Bo-tao. Evaluation Model Construction Method Based on Quantum Dissipative Particle Swarm Optimization [J]. Computer Science, 2020, 47(6A): 84-88.
[9] YUAN De-yu, ZHANG Yi-fan, GAO Jian and SUN Hai-chun. Abnormal User Detection Method in Sina Weibo Based on User Feature Extraction [J]. Computer Science, 2020, 47(6A): 364-368.
[10] DENG Tian-tian, XIONG Yin-qiao and HE Xian-hao. Novel Clustering Algorithm Based on Timing-featured Alarms [J]. Computer Science, 2020, 47(6A): 440-443.
[11] LI Li. Classification Algorithm of Distributed Data Mining Based on Judgment Aggregation [J]. Computer Science, 2020, 47(6A): 450-456.
[12] YU Hang, WEI Wei, TAN Zheng, LIU Jing-lei. Contextual Preference Collaborative Measure Framework Based on Belief System [J]. Computer Science, 2020, 47(4): 74-84.
[13] DING Wu, MA Yuan, DU Shi-lei, LI Hai-chen, DING Gong-bo, WANG Chao. Mining Trend Similarity of Multivariate Hydrological Time Series Based on XGBoost Algorithm [J]. Computer Science, 2020, 47(11A): 459-463.
[14] ZHANG Cheng-wei, LUO Feng-e, DAI Yi. Prediction Method of Flight Delay in Designated Flight Plan Based on Data Mining [J]. Computer Science, 2020, 47(11A): 464-470.
[15] CHEN Pei, ZHENG Wan-bo, LIU Wen-qi, XIAO Min, ZHANG Ling-xiao. Analysis and Forecast of Some Climate Indexes in Main Producing Areas of Yunnan Province Based on Multiple Models [J]. Computer Science, 2020, 47(11A): 496-503.
Full text



[1] . [J]. Computer Science, 2018, 1(1): 1 .
[2] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75 .
[3] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[4] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[5] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[6] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99 .
[7] ZHOU Yan-ping and YE Qiao-lin. L1-norm Distance Based Least Squares Twin Support Vector Machine[J]. Computer Science, 2018, 45(4): 100 -105 .
[8] LIU Bo-yi, TANG Xiang-yan and CHENG Jie-ren. Recognition Method for Corn Borer Based on Templates Matching in Muliple Growth Periods[J]. Computer Science, 2018, 45(4): 106 -111 .
[9] GENG Hai-jun, SHI Xin-gang, WANG Zhi-liang, YIN Xia and YIN Shao-ping. Energy-efficient Intra-domain Routing Algorithm Based on Directed Acyclic Graph[J]. Computer Science, 2018, 45(4): 112 -116 .
[10] CUI Qiong, LI Jian-hua, WANG Hong and NAN Ming-li. Resilience Analysis Model of Networked Command Information System Based on Node Repairability[J]. Computer Science, 2018, 45(4): 117 -121 .