
Research On Threat Intelligence Analysis Based On Multidimensional Data

Posted on: 2018-01-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y B Zhong
GTID: 2348330533460209
Subject: Computer Science and Technology
Abstract/Summary:
The development and application of information science and technology has brought great convenience to people's daily lives, overturned traditional ways of living, and promoted economic and social development. At the same time, criminals use information technology to carry out cybercrime. Security incidents happen frequently, and network security now affects all aspects of people's lives. The "shock network" (Stuxnet) incident in Iran, the large-scale Yahoo information disclosure, and a series of other security incidents have made governments, organizations and individuals pay more and more attention to information security. Criminals and hackers commit network crime in a variety of ways, and their methods are becoming more complex. The development and rapid popularization of science and technology also place higher requirements on network security. Existing IPS and IDS products mostly rely on feature (signature) matching to inspect the target system. The diversity of threat forms and the variability of attack modes make it difficult for these existing defense mechanisms to play an effective role. Threat intelligence, built on collaborative defense and sharing mechanisms, came into being in response, and the formation of an intelligence-driven network strategy system is increasingly urgent. Based on the sources of security threats to the target system and the shortcomings of the current security defense system, and drawing on the mechanism of network threat intelligence sharing, this paper applies modeling and simulation methods to analyze threat intelligence. The main work is as follows:

(1) Analyze the severity of the threat to the target system at every stage of a network attack, and propose a threat intelligence analysis method based on the attack chain combined with network traffic detection. According to the characteristics of each stage of the attack chain, association analysis is used to analyze threats across multiple stages and to extract threat intelligence.

(2) Consider attacks from the perspective of the target system itself, in particular the threat to the target system caused by insiders' unintentional information disclosure. With reference to the TF-IDF algorithm for processing text information, a threat detection method that integrates multiple data domains is applied to improve the detection of internal threats.

(3) Using the two detection methods above, external threats and internal threats are detected separately and threat indicators are extracted. In order to share threat information effectively, this article uses the OpenIOC framework as a real-world security intelligence sharing specification. Each IOC is a composite indicator: multiple Indicator elements are combined into one IOC, so that the final form of the IOC is a compound expression.
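The compound-expression form of an IOC described in (3) can be shown as an added example; this is not code from the thesis. It assumes a simplified, namespace-free fragment in the shape of an OpenIOC 1.0 definition, handles only the "is" and "contains" conditions, and uses constructed indicator values and hypothetical function names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: hash OR (C2 host name AND remote port). Values are made up.
SAMPLE_IOC = """
<ioc id="example-0001">
  <definition>
    <Indicator operator="OR">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/Md5sum"/>
        <Content type="md5">00000000000000000000000000000000</Content>
      </IndicatorItem>
      <Indicator operator="AND">
        <IndicatorItem condition="contains">
          <Context document="DnsEntryItem" search="DnsEntryItem/Host"/>
          <Content type="string">c2.example.test</Content>
        </IndicatorItem>
        <IndicatorItem condition="is">
          <Context document="PortItem" search="PortItem/remotePort"/>
          <Content type="int">8443</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

def item_matches(item, observed):
    """Test one IndicatorItem against observed values keyed by search term."""
    term = item.find("Context").get("search")
    want = item.find("Content").text.strip().lower()
    values = [str(v).lower() for v in observed.get(term, [])]
    cond = item.get("condition")
    if cond == "is":
        return want in values
    if cond == "contains":
        return any(want in v for v in values)
    raise ValueError(f"condition not handled in this example: {cond}")

def evaluate(node, observed):
    """Recursively evaluate an Indicator: AND/OR over items and nested Indicators."""
    results = [evaluate(c, observed) if c.tag == "Indicator" else item_matches(c, observed)
               for c in node if c.tag in ("Indicator", "IndicatorItem")]
    if node.get("operator") == "AND":
        return bool(results) and all(results)
    return any(results)

def ioc_hits(ioc_xml, observed):
    """Return True when the observed artifacts satisfy the IOC's compound expression."""
    root = ET.fromstring(ioc_xml)
    return evaluate(root.find("definition/Indicator"), observed)
```

A single weak observable (the host name alone) does not fire the IOC, while the AND branch or the file hash on its own does, which is the point of combining indicators into one expression.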
Keywords/Search Tags:kill chain, network traffic detection, data fusion, threat intelligence, threat intelligence sharing