Study On The Multi-dimensional Analysis Model Of Threat Intelligence Credibility In Cyberspace

With the globalization of information and interconnection of things,cyberspace is expanding in a large scale.Cyber attacks,cyber crimes and cyber threats are also increasing,which are constantly challenging the defense capability of information security.In view of the grim situation of Cyberspace Security,threat intelligence has always been a hot topic in the field of information security,and is the cornerstone of the next generation security defense system.The perception and sharing of threat intelligence is the core of security synergy defense.The United States,Europe and China are all building threat intelligence centers,and well-known security enterprises and institutions have built threat intelligence sharing and exchange platforms.At the same time,related sharing and exchange standards and technologies have accelerated the process of sharing and utilizing threat intelligence.However,in the dynamic,open and pluralistic network space the threat intelligence sharing equipped with features like mass data,the low value of information density and the quality of fuzzy,often a lot of deception,misleading or confusing false intelligence and counter intelligence make it difficult to find the really valuable information for security analysis and decision making.In Security defense system centered on Threat Intelligence,how to create high fidelity and reliable information from shared intelligence and maintain low false positive rate are critical for the application of network attack detection and traceability.Therefore,this paper mainly studies the trustworthiness evaluation of threat intelligence in cyberspace.Then,the main works are as follows:(1)In terms of intelligence quality and credible sharing issue of shared platform,based on the improvement of 3S model and the multi-source of information sharing,this paper proposes a multi-dimesion analysis method for threat intelligence credibility.According to the characteristics of threat intelligence information,combined with the unstructured analysis of multi-platform intelligence,this method introduces structured triples to define threat intelligence,and uses word vectors rich in contextual information to characterize intelligence description to facilitate the uniform analysis of multi-source intelligence.And considering the impact of intelligence timeliness,multi-source consistency verification,intelligence source credibility and so on on the credibility,15 objective quantitatively trusted features are extracted from three levels of time,content and domain knowledge,and the characteristic indexes are relatively comprehensive and follow the mathematical principle,making the calculation more accurate.(2)In order to solve the problem of potential credibility factor which is difficult to mine multi-source information,this paper proposes an information credibility judgment algorithm based on DBN and multidimensional credibility features.Firstly,the algorithm extracts the trustworthy features of intelligence,domain and domain knowledge,introduces deep learning algorithm to learn the credibility factor of deep ion,and uses DBN to mine the correlation of trustworthiness evaluation among different dimensions of intelligence,that is,combined with BP for supervised classification,the layer map further learns the high-level potential features.Experiments show that the DBN model has higher accuracy and efficiency than the traditional shallow network algorithm.(3)According to the requirement of trusted testing and informing of users on the shared platform,this paper designs and implements an effective trusted testing system.Through analyzing the target intelligence multi-source information crawling and information enrichment,the system will avoid that intelligence data becomes poor and is difficult to analyze,and will apply DBN and multi-dimensional trustworthiness based on the credibility of the credibility of the algorithm to detect,and when the corresponding type of training sample library is not enough,the multi-source verification algorithm will be used for rough recognition.The implementation of the dual algorithm improves the accuracy and efficiency of the system detection.At the same time,system testing has verified that it can provide credible testing services to threat intelligence for users such as security analysts.