Cybersecurity threat intelligence knowledge exchange based on blockchain

Riesco Granadino, Raúl and Larriva Novo, Xavier Andrés and Villagrá González, Víctor Abraham (2019). Cybersecurity threat intelligence knowledge exchange based on blockchain. "Telecommunication Systems", v. 73 ; pp. 259-288. ISSN 1018-4864. https://doi.org/10.1007%2Fs11235-019-00613-4.

Description

Title: Cybersecurity threat intelligence knowledge exchange based on blockchain
Author/s:
  • Riesco Granadino, Raúl
  • Larriva Novo, Xavier Andrés
  • Villagrá González, Víctor Abraham
Item Type: Article
Journal/Publication Title: Telecommunication Systems
Date: March 2019
ISSN: 1018-4864
Volume: 73
Subjects:
Freetext Keywords: STIX™; SWRL; OWL; Dynamic Risk Management (DRM); Cyber Threat Intelligence (CTI); Ethereum Blockchain Smart contract
Faculty: E.T.S.I. Telecomunicación (UPM)
Department: Ingeniería Telemática y Electrónica
Creative Commons Licenses: Recognition - No derivative works - Non commercial

Abstract

Although cyber threat intelligence (CTI) exchange is a theoretically useful technique for improving the security of a society, potential participants are often reluctant to share their CTI and prefer only to consume it, at least in voluntary-based approaches. Such behavior destroys the idea of information exchange. On the other hand, governments are forcing specific entities and operators to report specific incidents to them depending on their impact; otherwise there could be sanctions for operators that do not report them on time. Obligations and sanctions usually discourage participants from sharing information voluntarily, so they share and report only what is strictly required. We propose a paradigm shift in cybersecurity information exchange by introducing a new way to encourage all participants involved, at all levels, to share relevant information dynamically. It will also contribute to the support and deployment of Dynamic Risk Management (DRM) frameworks to keep risks under an acceptance level over time. Participants will have new and specific incentives to share, invest in and consume threat intelligence and risk intelligence information depending on their different roles (producers, consumers, investors, donors and owner). Our proposal leverages standards like Structured Threat Information Exchange (STIX), as well as W3C semantic web standards, to enable a workspace of knowledge related to behavioral threat intelligence patterning to characterize tactics, techniques and procedures (TTP). At the same time, we propose an Ethereum Blockchain Smart contract Marketplace to better incentivize the sharing of that knowledge between all parties involved, as well as creating a standard CTI token as a digital asset with a promising value in the market. Simulations and an experiment were performed to demonstrate its benefits and incentives, but also its potential limits with regard to storage and cost of transactions.

More information

Item ID: 63678
DC Identifier: https://oa.upm.es/63678/
OAI Identifier: oai:oa.upm.es:63678
DOI: 10.1007/s11235-019-00613-4
Official URL: https://link.springer.com/article/10.1007%2Fs11235-019-00613-4
Deposited by: Memoria Investigacion
Deposited on: 17 Mar 2021 15:10
Last Modified: 17 Mar 2021 15:10