| With the advancement of technology, hacker organizations now have more abundant resources. The passive defense methods of traditional cyberspace attack and defense technology can no longer cope with attackers who have extensive attack resources and financial support. Cyber threat intelligence has emerged as a new attack and defense technology that replaces the passive defense of the past with active defense. But how can key threat information be judged and identified, and how can the threat information obtained be put to full use? To address these problems, this article proposes an accurate ontology-based representation of unstructured threat intelligence and the automatic discovery of threat intelligence relationships. It uses deep learning algorithms and rule-based methods to focus automatically on the key features of threat intelligence, so as to exclude interfering information in the threat source data and identify threat intelligence entities. The main research content of this article is as follows: (1) Starting from widely recognized industry specifications in the threat intelligence field, this article analyzes and determines the set of classes required for the threat intelligence domain and the relationships between those classes, and uses the class set and class relationships to build a Three Intelligence Domain Ontology (TICDO). To ensure that the ontology is standardized, the OWL language is used to give it a formal description. To verify the effectiveness of the ontology, an ontology evaluation mechanism is used to evaluate the domain ontology and verify its accuracy, integrity, and consistency. The ontology provides the basic knowledge structure for the threat intelligence knowledge system. (2) Based on the characteristics of the unstructured threat intelligence source data, this paper proposes an entity extraction method based on the BERT-BiLSTM-ATT-CRF model to identify and extract entities in threat intelligence source data. After model training, the accuracy, recall, and harmonic mean of accuracy and recall of the unstructured threat intelligence entity extraction model are 89.61%, 82.59%, and 85.95%, respectively. The effectiveness of the model was also verified through comparative experiments. This article also proposes a rule-based entity relationship extraction method. The method takes the output of entity extraction as its input data and extracts entity relationships by establishing inter-entity relationship rules. Experiments show that the accuracy of threat intelligence entity relationship extraction is 85.19%, and the effectiveness of this method is also verified through comparative experiments. (3) To complete the construction of the ontology-based threat intelligence knowledge system, this paper takes the threat intelligence domain ontology as the conceptual layer and the structured, semi-structured, and unstructured data collected in the threat intelligence domain as the data layer, and builds the ontology-based threat intelligence knowledge system from the two together. The data stored in the system can be queried by threat intelligence entity name and entity type on the knowledge retrieval interface, and the query results display the basic information and associated information of the entity in the form of a table. In addition, users can upload threat intelligence they have obtained on the knowledge extraction interface. The upload format must be PDF or TXT. The system then identifies and extracts threat intelligence knowledge automatically, and the results of knowledge extraction are displayed in the form of graphs. |