Application Of Semantic Web Technology In Network Threat Intelligence Analysis System

Due to the rapid development and widely spread of the Internet,the network information made by the Internet has increased rapidly.Some criminals use the exposure of personal privacy information,the virtuality and not easy to track of the network,spreading bad information which is against humanity to users,and even steal user's property through the internet vulnerabilities.While it serious influence the user's life,the huge network data has greatly increased the difficulty of the work of the relevant departments to investigation of cases.In order to screen out and associate the valid data from the mass data,cutting the workload in the process of data analysis.To avoid the traditional database data carrier storage,as well as the lack of inherent correlation between data.This paper propose a method which was mainly based on the semantic annotation and the association screening analysis.It applied the semantic knowledge metadata into the network threat intelligence analysis system.The main research contents include the following aspects:1.A method of data association based on Semantic Web technology is proposed.Through the research on the architecture of the semantic web,and in-depth exploration of the three part of the core semantic network architecture:XML,RDF resource description framework and ontology model,adding semantic information into the scattered,messy and huge data,which let the computer can understand the data semantic.2.Constructing ontology model rules.To determine the different types of safety information of data analysis,combined data characteristics with the social network,VPN and FreeGate,extraction the concept semantic information,construct the abstract data model,integrated network topology discovery technology.Constructing ontology model for network security threat data association system.3.Establish communication between data.To mapping the data which contains the semantic data and the ontology model,associated with the data and reasoning,formate the knowledge element database,knowledge metadata acquisition through the Fuseki semantic framework.Finally,based on the Sparql data acquisition protocol,realize the acquisition and reasoning of the knowledge metadata.4.Construct the technical scheme of the relevance and reasoning in the background data of the network threat intelligence analysis system.Through the encoding to achieve the technical scheme,application the corresponding model and knowledge element database to the analysis system,according to the features of network scenarios,analysed and located the data information,proved the effectiveness of each module,and verified the accuracy and reliability of the technical scheme.The thesis designed the technical analysis of network threat intelligence which was based on Semantic Web.Through the application testing of the real data,it completed the large amount of data filtering and related reasoning,and it also verify the correlation,timeliness and reliability between the data.The system can effectively help the relevant departments to located the target,and find the related things from the mass data.