Next Generation ISACs: Simulating Crowdsourced Intelligence for Faster Incident Response
Philipp Fischer and Sébastien Gillard
Additional contact information
Philipp Fischer: Swiss Federal Institute of Technology Zurich
Sébastien Gillard: Military Academy at the Swiss Federal Institute of Technology Zurich
Chapter 4 in Cyberdefense, 2023, pp 49-66, from Springer
Abstract:
We uncover the different patterns by which users on the open source intelligence platforms ThreatFox and MISP share information. We let these patterns inform a simulation model that describes how decentral users share indicators of compromise (IoC). The results suggest that both platform approaches have unique strengths and drawbacks, and they highlight a trade-off between the speed with which IoC are shared and the reputational risk involved with this sharing. We find that single-community platforms such as ThreatFox let agents share low-value IoC fast, whereas closed-user communities such as MISP create conditions that enable users to share high-value IoC. We discuss the extent to which a combination of both designs may prove to be effective.
Date: 2023
Persistent link: https://EconPapers.repec.org/RePEc:spr:isochp:978-3-031-30191-9_4
Ordering information: This item can be ordered from
http://www.springer.com/9783031301919
DOI: 10.1007/978-3-031-30191-9_4
More chapters in International Series in Operations Research & Management Science from Springer