The exchange of threat intelligence information can make a significant contribution to improving IT security in companies and has become increasingly important in recent years. However, such an exchange also entails costs and risks, preventing many companies from participating. In addition, since legal reporting requirements were introduced in various countries, certain requirements must be taken into account in the exchange process. However, existing exchange platforms neither offer incentives to participate in the exchange process, nor fulfill requirements resulting from reporting obligations. With this work, we present a decentralized platform for the exchange of threat intelligence information. The platform supports the fulfillment of legal reporting obligations for security incidents and provides additional incentives for information exchange between the parties involved. We evaluate the platform by implementing it based on the EOS blockchain and IPFS distributed hash table. The prototype and cost measurements demonstrate the feasibility and cost-efficiency of our concept.

威胁情报信息的交换可以为改善公司的IT安全性做出重大贡献，并且近年来变得越来越重要。但是，这种交换也带来了成本和风险，使许多公司无法参与。另外，由于各国都引入了法律报告要求，因此在交换过程中必须考虑某些要求。但是，现有的交换平台既不提供参与交换过程的激励措施，也不满足报告义务产生的要求。通过这项工作，我们提供了一个分散的平台，用于交换威胁情报信息。该平台支持安全事件的法律报告义务的履行，并为有关各方之间的信息交换提供了额外的激励。我们通过基于EOS区块链和IPFS分布式哈希表实现该平台来评估该平台。原型和成本测量证明了我们概念的可行性和成本效率。