Trustworthy incident information sharing in social cyber defense alliances

The Internet threat landscape is fundamentally changing today. A major shift away from hobby hacking towards well-organized cyber crimes can be observed. The aim of these criminal organizations is the commercial exploitation of vulnerabilities in ICT infrastructures. Since attacks become more and more coordinated, we argue that counter measures must be properly coordinated too. Additionally, networks have grown to a scale and complexity, and have reached a degree of interconnectedness, that their protection can often only be guaranteed and financed as shared efforts. In this paper, we therefore introduce the concept of social cyber defense alliances. These alliances are shaped by social networks which connect information security stakeholders from various domains and facilitate the sharing of incident information. Some primary challenges include: 1) how to encourage participating stakeholders to contribute, and 2) how to ensure the quality and reliability of shared incident information. Here, we discuss an incentive model, which encourages information security stakeholders to share incident information. Furthermore, we highlight an architectural blueprint which is able to support the establishment of our proposed social cyber defense alliances in a real world context, and evaluate its applicability using agent-based simulations.