Cybersecurity Information Exchange with Privacy (CYBEX-P) and TAHOE — A Cyberthreat Language. (arXiv:2106.01632v1 [cs.CR])

Cybersecurity information sharing (CIS) is envisioned to protect
organizations more effectively from advanced cyber attacks. However, a
completely automated CIS platform is not widely adopted. The major challenges
are: (1) the absence of a robust cyber threat language (CTL) and (2) the
concerns over data privacy. This work introduces Cybersecurity Information
Exchangewith Privacy (CYBEX-P), as a CIS framework, to tackle these challenges.
CYBEX-P allows organizations to share heterogeneous data with granular,
attribute based privacy control. It correlates the data to automatically
generate intuitive reports and defensive rules. To achieve such versatility, we
have developed TAHOE – a graph based CTL. TAHOE is a structure for
storing,sharing and analyzing threat data. It also intrinsically correlates the
data. We have further developed a universal Threat Data Query Language (TDQL).
In this paper, we propose the system architecture for CYBEX-P. We then discuss
its scalability and privacy features along with a use case of CYBEX-P providing
Infrastructure as a Service (IaaS). We further introduce TAHOE& TDQL as better
alternatives to existing CTLs and formulate ThreatRank – an algorithm to detect
new malicious even