Research On Security Sharing Mechanism Of Cyber Threat Intelligence Based On Consortium Blockchain

In recent years,cyber threat intelligence has begun to be shared among various cyber security agencies as a valuable intelligence and has gradually formed a sharing system.Cyber threat intelligence can reflect the identity and intrusion methods of cyber intruders.By sharing this information,cyber security situational awareness can be enhanced.and active defense capabilities.However,there are still many security problems in the current cyber threat intelligence sharing mechanism: in the traditional cyber threat intelligence sharing mechanism,each centralized system will have data tampering problems caused by centralized data storage and theft of administrator identity,and cyber threats As a kind of valuable intelligence,intelligence has requirements for data security and privacy protection.In view of this,this paper adopts the consortium blockchain as the underlying framework,and proposes a network threat intelligence security sharing mechanism based on the consortium blockchain,which can avoid the security problems of the centralized sharing mechanism.The mechanism also includes two sub-mechanisms,the consensus improvement scheme and the sensitive intelligence sharing scheme,which respectively solve the data security issues and privacy protection issues during sharing,and further improve the security of cyber threat intelligence sharing in the alliance blockchain.The main work of this paper is as follows:(1)Sort out the overall design of the sharing mechanism,mainly including the description of the threat intelligence sharing framework,blockchain network and sharing scenarios,and analyze the security in the process of intelligence sharing.During the analysis,it is found that there are data security and privacy protection issues,and a consensus improvement scheme and a sensitive intelligence sharing scheme are proposed to solve the system data security and privacy protection issues from the two levels of system access and data storage.(2)Aiming at the problem that the Byzantine Fault Tolerance Algorithm(PBFT)needs to be in a trusted environment to ensure the normal upload of data to the chain,a PBFT consensus scheme based on node reliability is proposed,which introduces node reliability to reflect the behavior of nodes in the consensus,in the user behavior judgment,the entropy weight TOPSIS method is proposed to calculate the group evaluation results,so as to determine whether the user behavior is malicious.The node selection mechanism of the PBFT algorithm is improved,and only suitable nodes are selected to participate in the consensus according to the reliability of the nodes,so that PBFT has a certain fault tolerance performance in a trustless environment and improves data security.(3)Aiming at the privacy needs of users when sharing sensitive cyber threat intelligence,a multi-channel-based sensitive intelligence sharing scheme is proposed.This scheme designs intelligence sharing methods in four scenarios based on the Traffic Light Protocol(TLP),and implements it through the channel function in the Hyperledger Fabric framework.Channels can isolate data,and users can choose different channels to share sensitive data according to the type of sensitive data,thus protecting the privacy of users in the network.