
Research On APT Detection Technology Based On Threat Intelligence

Posted on: 2020-12-03
Degree: Master
Type: Thesis
Country: China
Candidate: L J Xu
GTID: 2428330590479117
Subject: Control engineering

Abstract/Summary:
Advanced persistent threats have become the main form of confrontation in cyberspace security, and the efficiency of traditional network protection technologies cannot meet the demand. Threat intelligence-based detection has become a popular technical means of preventing APT attacks quickly and efficiently, and it has also become a hot issue in current research. This paper uses data analysis and machine learning methods to mine and classify threat intelligence data and to discover the features of malware attacks, which is important for improving protection efficiency against current advanced persistent threats. The main work of this paper is as follows:

1. For multi-source threat intelligence collection, this paper designs and develops three acquisition methods: a method based on a web crawler that can resist existing typical anti-crawling strategies, a method based on parsing mail subscriptions, and a method based on open source intelligence sharing.

2. Automatic classification of threat intelligence is realized based on the TextRank and FastText algorithms. The designed method uses the TextRank algorithm to extract keywords from the threat intelligence samples, removes the stop words, and then inputs the keywords into the FastText algorithm to construct the classification model. The threat intelligence classification model is trained through experiments and adjustments, and finally the model is used to achieve automated classification of threat intelligence.

3. Correlation analysis of threat intelligence is carried out with a keyword association method, mining the life cycle of threat intelligence from generation to extinction and determining the state and form of the intelligence at different stages of development, so that threat information can be understood more comprehensively.

4. Based on the 35,934 malicious domain names extracted from the threat intelligence, a machine learning algorithm is used to extract malicious domain name features, and an integrated (ensemble) classifier is then used to train the malicious domain name recognition model. Finally, the model is used to identify malicious domain names. The results show that the method designed in this paper can effectively distinguish between malicious domain names and normal domain names.

Finally, the work of this paper is summarized and future work is forecast...
Keywords/Search Tags:Threat Intelligence, APT Attack, Network Information Security, Machine Learning, Data Mining