SeCTIS: A Framework to Secure CTI Sharing
Dincy R. Arikkat, Mert Cihangiroglu, Mauro Conti, Rafidha Rehiman K. A., Serena Nicolazzo, Antonino Nocera, Vinod P
TL;DR
SeCTIS tackles privacy and trust barriers in CTI sharing by integrating Swarm Learning with a Blockchain-based coordination layer and Zero-Knowledge Proofs to enable collaborative CTI data modeling without exposing sensitive information. Local models are trained on private CTI data, while validator-backed ZK proofs and a reputation mechanism ensure data and model quality, preventing low-quality contributions from biasing the global model. Experimental results on the CIC-Darknet 2020 dataset show that incorporating a reputation system mitigates the impact of label noise and Byzantine participants, preserving recall and reducing misclassification. The framework demonstrates a comprehensive, privacy-preserving, and auditable approach to cross-organization CTI sharing with practical implications for industry partnerships, SOC operations, and threat intelligence automation.
Abstract
The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. As a growing number of organizations add smart, interconnected devices to their systems to automate their processes, the attack surface becomes much larger, and the complexity and frequency of attacks pose a significant threat. Consequently, organizations have been compelled to seek innovative approaches to mitigate the threats inherent in their infrastructure. In response, considerable research effort has been directed towards creating effective solutions for sharing Cyber Threat Intelligence (CTI). Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data. To tackle this problem, we designed a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing), integrating Swarm Learning and Blockchain technologies to enable businesses to collaborate while preserving the privacy of their CTI data. Moreover, our approach provides a way to assess data and model quality, and the trustworthiness of all participants, by leveraging validators through Zero-Knowledge Proofs. An extensive experimental campaign demonstrates our framework's correctness and performance, and a detailed attack model discusses its robustness against attacks on data and model quality.
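The TL;DR and abstract both argue that validator scoring plus a reputation mechanism keeps low-quality or Byzantine local models from biasing the swarm-learned global model. The following toy simulation is an added illustration of that argument and is not code from the SeCTIS paper; the 2-D linear classifier, the hold-out scoring rule, the moving-average reputation update and the 0.5 trust threshold are all assumptions, since the page does not state the paper's actual rules.

```python
"""Constructed toy: validators score each participant's local update on a
hold-out set, reputations track those scores, and the swarm aggregate is
weighted by reputation so a Byzantine update cannot bias the global model.
Scoring rule, reputation update and threshold are assumptions, not the
paper's own definitions."""

# Constructed validator hold-out set: (features, label) for a 2-D linear
# classifier, standing in for CTI traffic features and a darknet/benign label.
HOLDOUT = [([1.0, 2.0], 1), ([2.0, 1.0], 1), ([0.5, 1.5], 1),
           ([-1.0, -2.0], 0), ([-2.0, -1.5], 0), ([-1.5, -0.5], 0)]

# Constructed local updates: three honest models and one Byzantine model
# that is sign-flipped and scaled so it dominates a plain average.
UPDATES = {"orgA": [1.0, 1.0], "orgB": [0.9, 1.1], "orgC": [1.1, 0.8],
           "byz": [-5.0, -5.0]}

def predict(w, x):
    return 1 if w[0] * x[0] + w[1] * x[1] >= 0 else 0

def validator_score(w, holdout=HOLDOUT):
    """Fraction of hold-out samples the update classifies correctly."""
    return sum(predict(w, x) == y for x, y in holdout) / len(holdout)

def update_reputation(rep, score, alpha=0.5):
    """Exponential moving average of validator scores (assumed rule)."""
    return (1 - alpha) * rep + alpha * score

def plain_average(updates):
    """Unweighted swarm average: every participant counts equally."""
    n = len(updates)
    return [sum(w[i] for w in updates.values()) / n for i in range(2)]

def reputation_weighted_average(updates, reputations, min_rep=0.5):
    """Average only participants at or above min_rep, weighted by reputation."""
    trusted = {p: r for p, r in reputations.items() if r >= min_rep}
    if not trusted:
        raise ValueError("no participant meets the reputation threshold")
    total = sum(trusted.values())
    return [sum(trusted[p] * updates[p][i] for p in trusted) / total
            for i in range(2)]

def run_round(updates=UPDATES, initial_rep=0.5):
    """One swarm round: score, update reputations, aggregate both ways.
    Returns (reputations, plain-average accuracy, weighted-average accuracy)."""
    reputations = {p: update_reputation(initial_rep, validator_score(w))
                   for p, w in updates.items()}
    plain = plain_average(updates)
    weighted = reputation_weighted_average(updates, reputations)
    return reputations, validator_score(plain), validator_score(weighted)

if __name__ == "__main__":
    print(run_round())
```

With the constructed inputs the plain average is flipped to 0 % hold-out accuracy by the single scaled Byzantine update, while the reputation-weighted aggregate drops that participant (reputation 0.25, below the 0.5 threshold) and keeps 100 % accuracy.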
