DefenseChain: Consortium Blockchain for Cyber Threat Intelligence Sharing and Defense

Title: DefenseChain: Consortium Blockchain for Cyber Threat Intelligence Sharing and Defense
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Purohit, S., Calyam, P., Wang, S., Yempalla, R., Varghese, J.
Conference Name: 2020 2nd Conference on Blockchain Research Applications for Innovative Networks and Services (BRAINS)
Date Published: Sep
Keywords: attack detection, attack mitigation, blockchain, blockchain platform, cloud computing, cloud-hosted applications, cryptography, Cyber Attacks, cyber security, cyber threat intelligence sharing, DefenseChain implementation, DefenseChain system, Distributed databases, distributed trust, Human Behavior, Metrics, Open Cloud testbed, Peer-to-peer computing, pubcrawl, reputation estimation scheme, reputation system, resilience, Resiliency, Threat intelligence sharing, uses Quality
Abstract: Cloud-hosted applications are prone to targeted attacks such as DDoS, advanced persistent threats, and cryptojacking, which threaten service availability. Recently, methods for threat information sharing and defense require co-operation and trust between multiple domains/entities. There is a need for mechanisms that establish distributed trust to allow for such a collective defense. In this paper, we present a novel threat intelligence sharing and defense system, namely “DefenseChain”, to allow organizations to have incentive-based and trustworthy co-operation to mitigate the impact of cyber attacks. Our solution approach features a consortium Blockchain platform to obtain threat data and select suitable peers to help with attack detection and mitigation. We propose an economic model for creation and sustenance of the consortium with peers through a reputation estimation scheme that uses 'Quality of Detection' and 'Quality of Mitigation' metrics. Our evaluation experiments with DefenseChain implementation are performed on an Open Cloud testbed with Hyperledger Composer and in a simulation environment. Our results show that the DefenseChain system overall performs better than state-of-the-art decision making schemes in choosing the most appropriate detector and mitigator peers. In addition, we show that our DefenseChain achieves better performance trade-offs in terms of metrics such as detection time, mitigation time and attack reoccurrence rate. Lastly, our validation results demonstrate that our DefenseChain can effectively identify rational/irrational service providers.
Citation Key: purohit_defensechain_2020