| 引用本文: |
-
彭煊烨,戴光祥,王鹏,翟立东.威胁情报共享中的利益分配研究综述[J].信息安全学报,已采用 [点击复制]
- Peng Xuanye,Dai Guangxiang,Wang Peng,Zhai Lidong.A Review of Benefit Distribution Mechanisms in Threat Intelligence Sharing[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 随着网络安全威胁日益复杂,威胁情报共享成为提升网络防御能力的关键。而在情报共享中,共享平台与共享参与者之间的利益分配问题尤为关键。共享平台需要通过合理的收费和奖励机制激励共享者,维持平台运营;情报共享者则需要权衡平台的激励与隐私泄露、资源消耗的风险;情报访问者需要在支付情报访问费用与提升防御能力之间找到最优决策。因此,利益分配问题贯穿着威胁情报共享的各个环节,影响着平台的共享生态,关系到参与者的切身利益。针对这一关键问题,本文首次总结了现有文献中对威胁情报共享利益分配问题的研究,深入总结了该领域的业界应用与学术界研究现状。首先,通过广泛调研国内外主流威胁情报共享平台,首次提出平台与成员之间的互动框架以梳理威胁情报共享流程,为进一步系统梳理利益分配已有工作奠定基础;其次,依据互动框架将现有方法分为“博弈模型”和“经济模型”,并从建模思路、针对问题、数学方法、仿真实验等方面进行了综合评述与对比分析;然后总结了利益分配问题中的核心量化方法;最后,从理论与实际应用的结合点出发,剖析了现有研究在模型构建与算法性能等方面的局限性,提出未来研究可通过引入有限理性建模、聚焦状态空间优化、关注平台动态演化过程、深入探讨威胁情报质量对利益分配的影响等方法,进一步优化利益分配机制。本文不仅系统梳理了学术界在威胁情报共享利益分配问题的研究工作,也为业界设计和优化情报共享平台以及机制提供了理论依据和实践指导,希望能促进该领域的持续创新与应用。 |
| 关键词: 威胁情报 情报共享 利益分配 博弈论 |
| DOI: |
| 投稿时间:2024-11-19修订日期:2025-03-19 |
| 基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目) |
|
| A Review of Benefit Distribution Mechanisms in Threat Intelligence Sharing |
|
Peng Xuanye, Dai Guangxiang, Wang Peng, Zhai Lidong
|
| (Institute of Information Engineering, Chinese Academy of Sciences) |
| Abstract: |
| As cybersecurity threats grow increasingly complex, threat intelligence sharing has become a critical component for enhancing cyber defense capabilities. The benefit allocation between sharing platforms and participants is particularly pivotal in this process. Sharing platforms must sustain operations by incentivizing contributors through rational pricing and reward mechanisms. At the same time, intelligence contributors need to balance platform incentives against the risks of privacy exposure and resource consumption, while intelligence consumers must make optimal decisions between paying for access and enhancing their defense capabilities. Consequently, benefit allocation spans all aspects of threat intelligence sharing, influencing the platform's sharing ecosystem and directly impacting the interests of all participants.
To address this critical issue, this paper provides the first comprehensive summary of research on benefit allocation in threat intelligence sharing, offering an in-depth review of industry practices and academic studies in this field. First, based on a broad investigation of mainstream threat intelligence sharing platforms both domestically and internationally, we propose, for the first time, an interaction framework that outlines the threat intelligence sharing process between platforms and members, laying the foundation for a systematic review of existing work on benefit allocation. Next, according to this interaction framework, existing methods are categorized into "game models" and "economic models." A thorough comparative analysis is conducted from multiple perspectives, including modeling approaches, problem focus, mathematical techniques, and simulation experiments. Subsequently, the core quantitative methods in benefit allocation problems are summarized. Finally, from the perspective of integrating theory with practical applications, we analyze the limitations of existing research in terms of model construction and algorithm performance. We propose potential research directions, including the introduction of bounded rationality modeling, focusing on state space optimization, addressing platform dynamic evolution processes, and exploring the impact of threat intelligence quality on benefit allocation to further optimize benefit allocation mechanisms.
This paper not only systematically reviews academic work on benefit allocation in threat intelligence sharing but also provides theoretical insights and practical guidance for the industry in designing and optimizing threat intelligence sharing platforms and mechanisms, aiming to promote continuous innovation and application in this field. |
| Key words: threat intelligence intelligence sharing distribution of benefit game theory |
