Blockchain based IT Security Threat
Intelligence Sharing System
Dr Umesha K
Department of Electronics &communication
Engineering
Jawaharlal College of Engineering and
Technology, Lakkidi palkaad kerlal , India
umesh_nandhini@yahoo.co.in
Abstract— Quick technological advancements have resulted in
more complex cybercrimes, necessitating novel approaches to
cyber security. Classical risk-sharing systems frequently include
inefficiencies, data silos, and issues with reliability. This research
report suggests an innovative solution as a response: the
Blockchain based IT security Threat Intelligence Sharing
System. It leverages blockchain technology's decentralization,
immutability, and transparency to get around the drawbacks of
other risk-sharing systems. The current research demonstrates
how BPTISS might transform threat communication in
cyberspace by examining its architecture, constituent parts, and
underlying mechanisms. Although blockchain technology is
decentralized, threat data is not under the authority of a single
party, which encourages inclusivity and diversity among the
threat community. The technical features of suggested system,
including as consensus techniques, data encryption, and
scalability, are examined. It also covers benefits and real-world
use cases, like enhanced collective defense against cyber threats,
quicker incident response, and threat detection. Systems for
exchanging threat intelligence driven by blockchain present a
viable answer to the problems with conventional threat
communication. By utilizing blockchain technology, proposed
system offers individuals and companies a transparent, safe, and
cooperative platform to work together to address the constantly
changing cyber threat landscape. This work offers a thorough
analysis, opening the door for additional study and application in
the area of cyber security.
Index Terms—Blockchain-Powered, transparency, immutabil-
ity, decentralized, cyber threats, consensus algorithms.
I. INTRODUCTION
In today’s interconnected digital world, the battle against
cyber threats is becoming more complex and persistent. From
data breaches to software attacks, organisations around the
world are constantly under attack from cyber attacks,
disrupting operations and causing significant financial losses.
[1] Traditionally, threat intelligence sharing has been hindered
by various challenges, including concerns about privacy, trust,
and the authenticity of shared data. Centralized solutions often
raise questions about data security and the potential for a
single point of failure. Furthermore, the reluctance to share
sensitive threat data due to the fear of exposing vulnerabilities
or breaches has impeded collective efforts to combat cyber
threats effectively. [2] In this context, blockchain technology
emerges as a promising solution to address these challenges
and foster a more secure, transparent, and collaborative
approach to threat intelligence sharing. By applying
blockchain to threat intelligence sharing, organizations can
create a tamper-proof, trustless environment where
information can be exchanged securely without the need for
intermediaries. One promising path for innovation in
cybersecurity is the integration of blockchain technology
into risk-sharing systems. [3] Blockchain, originally created as
the underlying technology behind cryptocurrencies such as
Bitcoin, has attracted widespread attention for its potential to
transform various industries outside of finance. Its unique
features, such as decentralization, immutability, transparency,
and security, make it an ideal candidate for increasing the
reliability and
effectiveness of threat communication.
The concept of sharing threat messages is not new.
Organisations, government agencies, and cybersecurity
professionals have long recognised the importance of sharing
information about cyber threats, attacks, and vulnerabilities to
strengthen defenses. [4] However, despite the clear benefits of
sharing threat intelligence, several challenges have hindered its
adoption. These challenges include concerns about data
privacy, trust issues between sharing parties, the risk of data
manipulation, and the lack of a standardised framework for
secure data exchange.
Blockchain technology solves many of these challenges with
its unique features and offers a promising solution to join the
new era of threat communication. This research paper aims to
explore the integration of blockchain technology into threat
intelligence systems, its potential benefits, and its implications
for the future of cybersecurity.
In this, we will look at the following important areas:
Blockchain technology and security: Although blockchain
technology was originally designed for cryptocurrencies such
as Bitcoin, it has gained attention for its potential applications
in various fields, including cybersecurity. Blockchain's security
features, such as decentralised consensus, immutability,and
encryption, make it an ideal candidate for securing threat
information sharing systems (Yaga et al., 2018).
Decentralisation and Trust: One of the main advantages of a
blockchain-based threat information sharing system is its
Traditional centralised systems have a single point of failure
and are vulnerable to attacks. Blockchain, through its
distributed ledger, eliminates this vulnerability by allowing
multiple parties to participate in sharing threat information
without the need for a central authority (Conti et al., 2018).
This decentralisation fosters trust among participants and
reduces the risk of data breaches.
Privacy and anonymity: When sharing harmful information,
it is important to maintain privacy and anonymity. Blockchain
offers solutions such as zero-knowledge proofs and privacy-
focused smart contracts that allow sensitive information to be
shared securely while maintaining confidentiality (Kosba et
al., 2016). These privacy-enhancing features are essential for
organisations concerned about sharing threat data.
Interoperability and standards: Blockchain-based threat
intelligence sharing systems require standardised and
interoperability protocols to be Several research efforts have
focused on developing industry-wide standards to facilitate
the exchange of threat information between different
blockchain networks and organisations (Gupta et al., 2020).
The purpose of these standards is to ensure seamless
communication and collaboration between different
stakeholders.
Challenges and future direction: Although blockchain-
based threat intelligence sharing systems are promising, they
are not without challenges. Scalability, energy consumption,
and the need for consensus
At the end of this paper, readers will gain a comprehensive
understanding of how blockchain technology can change how
organisations and cybersecurity professionals work together to
protect against cyber threats. Blockchain integration into
threat intelligence sharing systems has the potential to
improve security, strengthen trust between sharing parties, and
ultimately strengthen the protection of the digital world we
rely on today..
II. LITERATURE REVIEW
In a study to determine how blockchains can provide some
important aspects of privacy, Mattila et al. [5] He found that
using smart contracts and a shared consensus process on the
blockchain is an interesting and appropriate way to solve the
privacy problem. The author treats this problem at a high level
and does not give examples of the use of this technology. use
of CTI.
Soumya Purohit et al.(2020) [6] The author introduce
”DefenseChain,” a brand-new threat intelligence sharing and
defense system that enables businesses to work together in a
reliable and incentive-based manner to lessen the effects of
cyberattacks.In order to gather threat information and identify
suitable peers to aid in attack detection and mitigation, our
solution method uses a consortium Blockchain platform. The
consortium of peers is created and maintained according to an
economic model that we suggest using a reputation estimate
system that makes use of.
Dr. S. Smys et al. [7] Cyber threats are one of the major
issues plaguing the computing industry. An important part of a
sustainable computing ecosystem is a common cyber-physical
system that provides a secure and reliable architecture.
Dr. Wang Haoxiang et al(2020) In the [8] Trusted Au-
tomated eXchange of Intelligent Information (TAXII), there
are three ways to exchange information. Similar to this, CTI
information and threats are automatically shared, analyzed,
and collected via STIX, or Structured Threat Information
eXpression.
R. Riesco et al. Although sharing [9] cyber threat in-
telligence (CTI) has the potential to improve public safety,
prospective participants are reluctant to share their CTI and
instead choose to spend it only on volunteer-based networks.
Jun Fu et al.[10]Cybersecurity and enterprise security are
now seriously threatened by the constant emergence of new
vulnerabilities and numerous new security dangers.
Shen He et al(2021)[11] Threat intelligence still has certain
issues, though.[12] In the current sharing arrangement, the
threat intelligence data can be altered.
Wenbo Zhang et al.(2021) [13]Threat sharing is a powerful
tool to protect against online security threats.
Yayu Bai et al.[14] Industrial Internet of Things (IIoT) is a
widely used technology, and as a result,[15] IIoT systems are
increasingly exposed to cyber security threats.
Panda et al. [15] knows the deadline for submitting docu-
ments data mining scheme using deep reinforcement learning
and dynamic voltage and frequency scaling in edge computing
Environment to reduce power consumption of IoT devices.
III. METHODOLOGY
Developing a blockchain-powered threat intelligence
system involves several key methodologies and steps to
ensure system security, transparency, and efficiency. Below is
a step-by-step methodology to guide the development of
such a system:
A. Flow method
Cryptography: Blockchain heavily relies on cryptographic
techniques to secure data and transactions. Public-key cryp-
tography, in particular, is used for wallet addresses and digital
signatures to ensure that only the rightful owner can access
and authorize transactions.
Consensus Algorithms: Consensus algorithms like Proof of
Work (PoW) and Proof of Stake (PoS) are used to validate
and agree upon the order of transactions in a blockchain.[17]
These mechanisms make it extremely difficult for malicious
actors to control the network.
Digital Signatures: Digital signatures are used to prove the
authenticity of a message or transaction on the blockchain.
They involve a private key to sign and a public key to verify
the authenticity of the signature.
B. Merkle Trees:
Merkle trees are data structures that organize transactions
in a block.[18] Each leaf node of the tree is a hash of a single
transaction, and the parent nodes are hashes of their children.
This structure allows for efficient verification of the contents
of a block.
C. Timestamping:
Each block in a blockchain is timestamped, creating
a chronological record of transactions. This helps prevent
double-spending and establishes a clear order of events.
D. Permissioned vs. Permissionless Blockchains:
Permissioned blockchains restrict access to a predefined
set of participants, making them more suitable for business
and consortium use cases. Permissionless blockchains, like
Bitcoin, are open to anyone. The choice of permissioning
impacts security considerations.
E. Network Security:
Blockchain networks rely on a distributed network of
nodes. Ensuring the security and resilience of these nodes
through measures like redundancy, DDoS protection, and
constant monitoring is critical.
F. Key Management:
[19] Proper key management practices are essential to
protect private keys, as losing them can result in the loss of
access to assets stored on the blockchain.
G. Multi-Signature Wallets:
Multi-signature wallets require multiple private keys to
authorize a transaction. This adds an extra layer of security
and is often used in business and custody settings.
H. Cold Storage:
Cryptocurrency wallets can be stored offline (cold storage)
to protect them from online threats like hacking. Hardware
wallets and paper wallets are examples of cold storage solu-
tions.
I. Bug Bounties and Code Audits:
Regularly auditing smart contracts and the underlying
blockchain code and offering bug bounties to security re-
searchers can help identify vulnerabilities before they are
exploited.
J. Private Blockchains:
In some cases, organizations opt for private or consortium
blockchains where they have more control over the
participants and security measures.
These security methods and mechanisms work together to
create a robust and secure environment within blockchain
technology. Depending on the specific blockchain platform
and its use case, additional security measures may be
implemented.
IV. FUNDAMENTAL BLOCKCHAIN TECHNOLOGY
The following section will explain the details that make up
the axis of Blockchain technology.
A. Cryptographic Hash Functions:
Cryptographic hash functions play an important role in
ensuring security and data integrity in blockchain-based threat
messaging systems.[20] The system is designed to facilitate
the exchange of critical security information between multiple
stakeholders, including organizations, government agencies,
and cybersecurity professionals. To understand the importance
of the cryptographic hash function in this context, let’s look
at its main role and benefits.
• Data integrity: In a safe sharing system, the most impor-
tant thing is to ensure that the data is not tampered during
the exchange. A cryptographic hash function generates a
fixed-size (digested) hash value for any input data, such
as threat indicators, reports, or logs.
• Data Immutability: Data cannot be changed after being
added to a blockchain.
• Proof of Data: Cryptographic hash functions provide a
way to verify the origin of data.[21] When participants
add data to the blockchain, they can add their digital
signatures along with the data. The identity of the data,
together with the public key of the participants, enables
verification that the data actually came from the claimed
source.
• Efficient data retrieval: Hash function enables efficient
data retrieval from the blockchain. Since the hash value
of the block is stored in a Merkle tree structure,
participants can quickly find specific information in the
chain by following the hash value path, significantly
reducing the time required to perform a historical hash.
• Consensus mechanisms: Many blockchains rely on con-
sensus mechanisms such as Proof of Work (PoW) or
Proof of Stake (PoS) to verify and add new blocks to the
chain. The Hash function is central to this mechanism, as
miners or validators must perform complex calculations
on block data to produce a valid Hash that meets certain
criteria.
B. Blockchain data structure
• chain: A block header contains a chain of previous similar
blocks blocks become chains. A hash function joins all the
blocks together. The most important benefit of blockchain
architecture is durability. although[22] the attacker changes

Fig. 1. Structure of blockchain [Gong, S., Lee, C.(2020)]
the transaction of one block, the next block will become the
master does not match, the conflict will be passed to the end
of the chain, that is all the next block hashes will be changed.
C. Merkle trees
Merkle trees are organized into structures called
transactions in Figure 1 A merkle tree, also known as a hash
tree. Two binary trees main feature. • Each leaf node stores
more data.
• Every non-leaf node (including midpoint and root node)
is contained hash their children. • Quickly compare large
amounts of data Consider that large amounts of data are
organized and stored in Merkle trees two Merkle trees must
have the same root, two sets of data exactly the same. Because
it is very fast to calculate trees using Merkle trees comparing
mass data, it will be very efficient. • Quickly search for
variants As shown in Figure 1, if someone changes the
operation C, it will change the data and root F as a result
Merkle trees are widely used in many common scenarios.
Because it is very fast to calculate trees using Merkle trees
comparing mass data, it will be very efficient.The purpose of
the distributed system. The basic approach is to make sure
that every node can read if the point can write once.
14
D. The Byzantine General Problem
Can not be solved by Paxos algorithm. Bitcoin uses the
idea of leverage as a practical solution to Byzantium Common
problems. In Bitcoin, all nodes compete for the right to add
blocks opposite The first step to solving an enigma is to create
a block. Since then washing is very difficult to calculate, the
calculation point is high There is a high possibility of blocking
power.[23] The longest proof The chain will be a unique book
deal. Your account is safe for a long time honest nodes
manage computing power together attack point group. Proof
of Work Proof of work literally means point verification
workload. This is actually a denial of service attack or Sybil’s
attack. Bitcoin adapts proof-of-work for public service equal
to computing power.
E. Smart contracts
”Smart contract” is a term first coined by Nick Szabo. In
the 1990s, the main idea was that there could be many types
of contractual clauses built into the hardware and software
for any breach of contract expensive [16]. In addition, Smart
Contracts can reduce regulatory and operational costs imposed
by third parties. Digital wallets are Szabo’s prime example.
F. Ethereum
Ethereum is a blockchain and cryptocurrency platform de-
signed to enable decentralized applications (DApps) and smart
contracts. It was proposed by Vitalik Buterin at the end of
2013 and construction began in early 2014, and the network
will be live on July 30, 2015. The main goal of Ethereum is to
provide a platform for developers to build and distribute
decentralized applications, keeping in mind blockchain
technology.[24] A simple digital currency like Bitcoin.Bitcoin
is the first imple- mentation of Blockchain Technology that
has proven to be reliable in the cryptocurrency industry.
Researchers have been investigating how to expand the
capabilities of Blockchain. Vitalik designed Ethereum, which
has been called the second generation of Blockchain.
Ethereum blockchain running code with Turing-complete
deep programming a language that al- lows developers to
create decentralized applications.
G. Bitcoin
Bitcoin is a decentralized digital currency and a major
financial technology created in 2008 by an anonymous person
or a group of people using the alias Satoshi Nakamoto. It was
introduced as an open source software project and its main
goal is to provide a decentralized and trustless system for
peer- to-peer transactions without the need for intermediaries
such as banks or governments. Despite its popularity and
acceptance, Bitcoin also faces regulatory, scalability, and
environmental issues. Its impact on traditional financial
systems and its potential role in the future of finance continue
to be the subject of debate and research.
V. RESULT AND DISCUSSION
In Threat Sharing System (BTISS), the cryptographic hash
function plays an important role in ensuring data integrity,
security, and stability. There are several types of hash
functions used in blockchain and BTISS applications, with
SHA-256 (part of the SHA-2 family) being the most
commonly used in many blockchain systems such as Bitcoin
and Ethereum. However, depending on the specific
requirements and design of BTISS, other hash functions can
be used.
SHA-3 (Secure Hash Algorithm 3):
There are two common models for building trust in the
threat intelligence community. The first is based on a trusted
third party, and the second is based on trust created through
personal relationships.
A cryptographic hash function known for its high speed
and security. It is designed to perform faster than other hash
functions while maintaining a strong level of security.
Keccak Itis the basic hash function for SHA-3. Although
SHA-3 is the standard, Keccak itself can be used in various
applications and may offer different hash lengths. BLAKE3:
Although deprecated due to weaknesses, SHA-1 was used
in some early blockchain applications. It is no longer
considered secure for cryptographic purposes due to collision
attacks. Other custom hash functions:
The global safety net market was valued at
713millionin2020andisexpectedtoreach16,225.7 million

Fig. 2. Blockchain Usage Data (2019-2023)
Fig. 3. Blockchain Based Data Security Market Segments
Fig. 4. Smarter Threat Intelligence Sharing With TRADE
by 2028, growing at a CAGR of 48.2 percent from 2028 to
2028.
VI. CONCLUSION
In conclusion, the blockchain-powered threat sharing
system offers an effective solution to strengthen cyber security
efforts, increase trust, and increase the efficiency of sharing
critical threat information. Despite the challenges, potential
benefits such as increased security, trust, and global
cooperation make it a promising avenue for further research
and development in the field of cyber security. As blockchain
technology advances, it has the potential to revolutionize how
organizations deal with cyber threats in an increasingly
interconnected world. system improves their understanding
and provides prevention. However, it is important to note that
while blockchain offers many benefits, it is not a panacea and
successful implementa- tion requires solving technical,
regulatory and organizational challenges. Future research and
development efforts should focus on refining and expanding
the use of blockchain in threat communication to ensure a
more secure digital world.
REFERENCES
[1] NH Ab Rahman, GC Kessler, and K-KR Choo. Implications of
emerging technologies to incident handling and digital forensic
strategies: A routine activity theory. pages 131–146, 2017.
[2] Juri Mattila et al. The blockchain phenomenon–the disruptive potential
of distributed consensus architectures. 2016.
[3] A. Lamssaggad, N. Benamar, A. Hafid, and M. Msahli, “A survey on
the current security landscape of intelligent transportation systems,”
IEEE Access, vol. 9, pp. 9180–9208, 2021.
[4] Badsha, S., I. Vakilinia, and S. Sengupta. 2019. “Privacy preserving
cyber threat information sharing and learning for cyber defense”. In
2019 IEEE 9th Annual Computing and Communication Workshop and
Conference (CCWC), pp. 0708–0714. IEEE.
[5] Soumya Purohit et al.(2020). Open source intelligence headquar-
ters departments of the army. Retrieved June 1, 2019 from
https://fas.org/irp/doddir/army/atp2229.pdf.
[6] Soumya Purohit et al.(2020) Multi-level Windows exploitation using
Linux Operating System. Asian Journal of Natural Applied Sciences
http://www.ajsc.leena-luna.co.jp/AJSCPDFs/Vol.5(2)/AJSC2016(5.2-
06).pdf
[7] Dr. S. Smys et al., ”DDoS attacks in cloud computing: Issues taxonomy
and future directions”, Computer Communications, pp. 30-48, 2017.
[8] Dr. Wang Haoxiang et al(2020), H. M. Lynn and P. Kim, ”Ontology
Based APT Attack Behavior Analysis in Cloud Computing”, BWCCA,
pp. 375-379, 2020.
[9] R. Riesco et al. Although sharing R. A survey on technical threat
intelligence in the age of sophisticated cyber attacks. Comput. Secur.
2018, 72, 212–233. [Google Scholar] [CrossRef]
[10] Brown, R.; Robert, M.L. The Evolution of Cyber Threat Intelligence
(CTI): 2019 SANS CTI Survey; SANS Institute: Singapore, 2019.
[Google Scholar]
[11] Shen He et al(2021);Lemay, A.; Calvet, J.; Menet, F.; Fernandez, J.M.
Survey of publicly available reports on advanced persistent threat actors.
Comput. Secur. 2021, 72, 26–59. [Google Scholar] [CrossRef]
[12] Javaid, N.; Sher, A.; Nasir, H.; Guizani, N. Intelligence in IoT-based 5G
networks: Opportunities and challenges. IEEE Commun. Mag. 2018, 56,
94–100. [Google Scholar] [CrossRef]
[13] Zhou, D.; Yan, Z.; Fu, Y.; Yao, Z. (2018)A survey on network data
collection. J. Netw. Comput. Appl. 2018, 116, 9–23.
[14] Yayu Bai et al,; R. Riesco et al.Cybersecurity threat intelligence knowl-
edge exchange based on blockchain
[15] Ian, R.: 2020 SANS Network Visibility and Threat Detection Survey.
SANS Institute Reading Room site. 1–20 (2020)
[16] Shakya, S. (2020). Survey on Cloud Based Robotics Architecture,
Challenges and Applications. Journal of Ubiquitous Computing and
Communication Technologies (UCCT), 2(01), 10-18.
[17] Homan, D.; Shiel, I.; Thorpe, C. (2019) A New Network Model
for Cyber Threat Intelligence Sharing using Blockchain Technology.
In Proceedings of the 10th IFIP International Conference on New
Technologies, Mobility and Security (NTMS), Canary Islands, Spain,
24–26.
[18] Zhou, D.; Yan, Z.; Fu, Y.; Yao, Z. (2018)A survey on network data
collection. J. Netw. Comput. Appl. 2018, 116, 9–23
[19] Gartner: Definition: Threat Intelligence.
https://www.gartner.com/en/documents/2487216, last accessed,
2020/05/14
[20] Gong, S., Lee, C. (2020). BLOCIS: Blockchain-Based Cyber Threat
Intelligence Sharing Framework for Sybil-Resistance. Electronics, 9(3),
521.