MISP, research projects

Project (1) Pauline Bourmeau - Social Perspectives in Intelligence Sharing within MISP Communities

Contact for this research project: social-perspective@misp-project.org

Social Perspectives in Intelligence Sharing within MISP Communities

Subject scope

Intelligence activity, a prevalent practice across various fields, has continually evolved in response to the changing dynamics of human societies. The shift from analog to digital has significantly transformed social practices and modes of communication.

The transmission of information is a crucial component of intelligence activities and has attracted attention in anthropology and social sciences. This research is dedicated to understanding and describing the information exchange practices among threat intelligence communities, especially those using MISP. We aim to explore the functioning and limitations of these practices within their cultural context, focusing on how these communities operate and interact within these frameworks.

The interest in studying information sharing practices

While much of the research in information security and intelligence has traditionally emphasized practical, standardized, and technical facets of information sharing, the exploration of its social and cultural aspects has not been as extensive. Our research seeks to contribute to this area by offering insights and exploring potential avenues for further inquiry and improvement. We aim to enrich the understanding of information sharing by shedding light on these less explored dimensions, thereby opening the door for more comprehensive future research and practice advancements.

Problem statement

We face missed opportunities for successful information sharing within the research community. To understand and address this issue, we aim to describe the information sharing processes, examining functional challenges from social and cultural perspectives. This involves identifying both the incentives for and barriers to sharing.

Research methodology

Research design

A series of interviews is conducted with various sharing communities. We aim to compare the actual usage of the platform, as we observe it, with the users’ perspectives as shared in the interviews.

We utilize both technical observations, such as platform statistics, and qualitative insights from the interviews.

Data Analysis Model

  • Collection of structured information from sharing platforms.
  • Conducting interviews using an unstructured or semi-structured approach.

Expected Results and Contribution

Our research aims to detail the social practices that facilitate information sharing. The focus is on uncovering and testing social models to better understand specific dynamics in this area. Key areas of exploration will include:

  • Differentiating between organizations that primarily produce information and those that disseminate it, acknowledging that producers and sharers may be distinct entities.
  • Describing the contextual factors surrounding the creation and dissemination of information.
  • Analyzing the dynamics of information sharing within communities.
  • Investigating factors that could enhance the effectiveness of sharing practices.

These insights are expected to contribute to the development of more sophisticated detection mechanisms within organizations.

Project (2) Borce STOJKOVSKI - a survey about MISP UX - University of Luxembourg

Project (3) Secure Distributed-Learning on Threat Intelligence - EPFL and armasuisse Science and Technology, Lausanne

Collaboration in the Framework of C4DT between armasuisse Science and Technology and the Laboratory for Data Security of EPFL.

Cyber security information is extremely sensitive and confidential. This introduces an information-sharing trade-off between the benefits of improved threat-response capabilities and the drawbacks of disclosing national-security-related information to foreign agencies or institutions. The purpose of this project is to resolve this trade-off by enabling secure collaborations with valuable sensitive data that is not normally shared. Each institution keeps full control over its data records, which never leave its security perimeter, whereas computations are protected by efficient and highly scalable multiparty homomorphic encryption techniques. This will expand the range of available intelligence, thus leading to new and better threat analyses and predictions.

Website: https://lds.epfl.ch/secure-distributed-learning-on-threat-intelligence/

Contact:

Citing MISP

If you are writing an academic paper relying on or using MISP, you can cite MISP with the following BibTeX entry:

@inproceedings{wagner2016misp,
  title={MISP: The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform},
  author={Wagner, Cynthia and Dulaunoy, Alexandre and Wagener, G{\'e}rard and Iklody, Andras},
  booktitle={Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security},
  pages={49--56},
  year={2016},
  organization={ACM}
}