
Research On Key Technologies Of Trust Perception Of Cyber Threat Intelligence In Big Data Environment

Posted on: 2021-04-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y L Gao
Full Text: PDF
GTID: 1368330605981269
Subject: Software engineering
Abstract/Summary:
In the face of increasingly complex, persistent, organized and weaponized cyber attacks, more and more organizations and individuals around the world are sharing and using cyber threat intelligence (CTI) to fully understand the rapidly evolving cyber threat situation and prevent cyber attacks. With the rapid development of CTI sharing, the characteristics of CTI, such as wide sources, variety, quantity, fast updates and high value, bring a series of new problems and challenges to the trust perception of CTI: insufficient consideration of trust factors in the trust assessment of CTI sources for CTI sharing, the lack of a trust evaluation mechanism for the CTI content itself, and the lack of threat type labels for the infrastructure nodes involved in CTI. Thus, this thesis focuses on the trust perception problems of CTI in a big data environment, and proposes a series of novel methods and models from the following three perspectives: the trust perception of CTI sources in CTI sharing, the trust perception of the CTI content itself, and the threat type identification of infrastructure nodes based on trustable CTI. The main contributions of this thesis can be expressed in the following four perspectives:

(1) In view of the insufficiency of trust evaluation factors for CTI sources in threat intelligence sharing platforms (TISP), a multi-criteria trustworthiness calculation method is proposed for information sources, in which identity-based trust, behavior-based trust, relation-based trust, and feedback-based trust factors are incorporated to present an accuracy-enhanced full view of the trustworthiness evaluation of information sources. More importantly, the weights of these factors are dynamically assigned by the ordered weighted averaging and weighted moving average (OWA-WMA) combination algorithm. This mechanism surpasses the limitations of existing approaches in which weights are assigned subjectively. Experimental results based on real-world datasets from Sina Weibo demonstrate that the proposed mechanism achieves greater accuracy and adaptability in trustworthiness identification of network information.

(2) In view of the trust perception problem of large-scale heterogeneous threat intelligence, we propose a graph mining-based trust evaluation mechanism with multidimensional features. This mechanism provides a feasible scheme and achieves the task of trust evaluation for TISP through the integration of a trust-aware intelligence architecture model, a graph mining-based intelligence feature extraction method, and an automatic and interpretable trust evaluation algorithm. We implement this trust evaluation mechanism in a practical TISP and evaluate the performance of our system on a real-world dataset. Experimental results show that our mechanism can achieve 92.83% precision and 93.84% recall in trust evaluation. To the best of our knowledge, this work is the first to evaluate the trust level of heterogeneous threat intelligence automatically from the perspective of graph mining with multidimensional features. Our work helps to provide assistance on intelligence quality for the decision-making of human analysts, build a trust-aware threat intelligence sharing platform, and enhance the availability of heterogeneous threat intelligence to protect organizations against cyberspace attacks effectively.

(3) Owing to the limited labels of the cyber threat infrastructure nodes involved in CTI, we propose a practical cyber threat intelligence modeling approach and an intelligent threat type identification algorithm for infrastructure nodes based on a heterogeneous graph convolutional network. Since many types of infrastructure nodes and node relationships are involved in cyber threat intelligence, we first design a threat intelligence meta-schema to depict the semantic relatedness of infrastructure nodes. We then model cyber threat intelligence on a heterogeneous information network (HIN), which can integrate various types of infrastructure nodes and the rich relations among them. Next, we define a meta-path and meta-graph instances-based threat infrastructure similarity (MIIS) measure between threat infrastructure nodes and present a MIIS measure-based heterogeneous graph convolutional network (GCN) approach to identify the threat types of infrastructure nodes involved in CTI. Moreover, through the hierarchical regularization strategy, our model can alleviate the problem of overfitting and achieve good results in the threat type identification of infrastructure nodes.

(4) Based on the methods and models proposed in Chapters 3, 4, and 5, a prototype system for threat intelligence trust perception is designed and implemented. The core modules of the system include a multi-source threat intelligence collection module and a trust perception module for threat intelligence content. The results of system function tests and performance tests show that the system can meet users' trust perception query needs.

In summary, this thesis not only proposes a series of methods and models from the following three perspectives: the trust perception technology of threat intelligence sources in the shared environment, the trust perception technology of the threat intelligence content itself, and the intelligent identification of threat types of infrastructure nodes based on trustable threat intelligence, but also carries out theoretical analysis and a large number of experiments to verify their effectiveness, providing important theoretical and technical support for the trust perception of CTI in the big data environment.
Keywords/Search Tags: Cyber threat intelligence, trust perception, big data, graph mining, graph convolutional network