ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2020, Vol. 57 ›› Issue (10): 2052-2065.doi: 10.7544/issn1000-1239.2020.20200616

Special Issue: 2020密码学与数据隐私保护研究专题

Previous Articles     Next Articles

Overview of Threat Intelligence Sharing and Exchange in Cybersecurity

Lin Yue1,2, Liu Peng2, Wang He1,2, Wang Wenjie2, Zhang Yuqing1,2   

  1. 1(School of Cyber Engineering, Xidian University, Xi’an 710071);2(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408)
  • Online:2020-10-01
  • Supported by: 
    This work was supported by the National Key Research and Development Program of China (2018YFB0804701).

Abstract: The emerging threats in cyberspace are endangering the interests of individuals, organizations and governments with complex and changeable attack methods. When traditional network security defense methods are not strong enough, the threat intelligence sharing and exchange mechanism has brought hope to the protection of cyberspace security. Cybersecurity threat intelligence is a collection of information that can cause potential harm and direct harm to organizations and institutions. This information can help organizations and institutions study and judge the cybersecurity threats they face, and make decisions and defenses accordingly. The exchange and sharing of threat intelligence can maximize the value of threat intelligence, reduce the cost of intelligence search and allieviate the problem of information islands, thereby improving the threat detection and emergency response capabilities of all parties involved in the sharing. This article first introduces the concept of cyber security threat intelligence and mainstream threat intelligence sharing norms; secondly, it investigates the literature on threat intelligence sharing and exchange at home and abroad in the past 10 years, and analyzes and summarizes the current situation and development trend of threat intelligence sharing and exchange. The article focuses on in-depth analysis from three perspectives of sharing models and mechanisms, the distribution of benefits of the exchange mechanism, and the privacy protection of shared data. The problems in the three parts and related solutions are pointed out, and the advantages and disadvantages of each solution are analyzed and discussed. Finally, the future research trend and direction of threat intelligence sharing and exchange are prospected.

Key words: cyber threat intelligence, threat intelligence sharing, benefit distribution mechanism, privacy protection, sharing model

CLC Number: