| threat intelligence sharing has become a growing concept , whereby entities can exchange patterns of threats with each other , in the form of indicators , to a community of trust for threat analysis and incident response . however , sharing threat - related information have posed various risks to an organization that pertains to its security , privacy , and competitiveness . given the coinciding benefits and risks of threat information sharing , some entities have adopted an elusive behavior of `` free - riding '' so that they can acquire the benefits of sharing without contributing much to the community . so far , understanding the effectiveness of sharing has been viewed from the perspective of the amount of information exchanged as opposed to its quality . in this paper , we introduce the notion of quality of indicators ( qoi ) for the assessment of the level of contribution by participants in information sharing for threat intelligence . we exemplify this notion through various metrics , including correctness , relevance , utility , and uniqueness of indicators . in order to realize the notion of qoi , we conducted an empirical study and taken a benchmark approach to define quality metrics , then we obtained a reference dataset and utilized tools from the machine learning literature for quality assessment . we compared these results against a model that only considers the volume of information as a metric for contribution , and unveiled various interesting observations , including the ability to spot low quality contributions that are synonym to free riding in threat information sharing . |