A Reputation-Based Approach Using Consortium Blockchain for Cyber Threat Intelligence Sharing
Algorithm 2
Reputation model computing phase.
Data: state: the state of a node, AC: the alert information from internal organization or the original CTI from external organization, threshold: threshold is the predefined constant that distinguishes the faithful node and unfaithful node, num: total number of nodes in the CTI sharing consortium network.
Result: void
(1)
begin
(2)
switch state do:
(3)
case “leader”:
(4)
generate proposal when received the AC from client;
(5)
for i = 1, i++, i<=num do:
(6)
send proposal and AC to node i;
(7)
communicate with the Supervisor node by ReputationCompute RPC;
(8)
if “success” in the return of ReputationCompute RPC then:
(9)
step to phase 3; The leader provides a high-value threat proposal correctly, which needs to be stored in each node through phase 3 /
(10)
break
(11)
else:
(12)
step to phase 2 again to process the new alert information from client; The leader failed to provide the correct proposal of this alert /
(13)
break
(14)
case “follower”:
(15)
generate threat proposal based on the the AC from leader;
(16)
communicate with the Supervisor node by ReputationCompute RPC;
(17)
receive the UNL data from the supervisor;
(18)
if the leader node is in UNL then:
(19)
term number +1; The leader node may provide too much false proposal due to malware control, so a new leader needs to be elected again in the phase 1 /
(20)
break
(21)
break
(22)
case “supervisor”:
(23)
receive the ReputationCompute RPC from all nodes in the network;
(24)
compute the reputation score of nodes based on reputation model;
(25)
if threat proposal from node i decided as “success” then:
(26)
the reputation score of node i increase;
(27)
if the reputation score of node i >= threshold then:
(28)
remove node i from UNL;
(29)
else:
(30)
the reputation score of node i decrease;
(31)
if the reputation score of node i < threshold then:
