Research On Risk Assessment And Early Warning Model Of Cyber Asset Based On Dark Web Threat Intelligence Analysis

With the gradual maturity of cyber attacks,the traditional cyber security passive defense technologies can hardly cope with the endless cyber attacks nowadays,so cyber security active defense methods such as cyber asset risk assessment have become the key research direction in the field of cyber security.There are two problems to be solved in the field of cyber asset risk assessment today.1)When using machine learning algorithms for risk assessment of cyber assets based on cyber asset features dataset,cyber asset features are difficult to analyze directly by machine learning algorithms,and there is a lack of comprehensive,unified and effective conversion rules for numerical implementation of relevant datasets.2)Traditional risk assessment of cyber assets is mainly based on the threat data of surface network,and the assessment is done from the perspective of defender.The timeliness and information value of assessment data of such methods are low,and qualitative or quantitative assessment of indicators does not take into account the attacker’s actual propensity to attack,which leads to delayed and subjective assessment results.To address problem 1,this Thesis proposes a Mathematical Representation model for Cyber Asset Data(MR-CAD).In response to question 2,it was found through research that there is a large amount of high-timeliness,high-value threat intelligence published on Dark Web from the attacker’s perspective that can be analyzed and used in cyber asset risk assessment to mitigate the aforementioned problems.Therefore,this Thesis proposes a Cyber Asset Risk Assessment model based on Dark Web Threat Intelligence analysis(CARA-DTI),CARA-DTI is divided into three stages.In the first stage,the model implements the acquisition of Dark Web threat intelligence dataset on targeted Dark Web market and designs Web-based Chinese Adaptive Word Segmentation algorithm(CAWS-Web)for Chinese threat intelligence to improve its accuracy of word segmentation.In the second stage,we first clustered intelligence based on the segmented text to obtain intelligence category feature,and designed an Intelligence Timeliness Acquisition Algorithm based on Network Propagation degree(ITAA-NP)to obtain threat intelligence timeliness automatically and efficiently.Then,the Risk Assessment of Intelligence-Linked Asset algorithm based on Dark Web Threat Intelligence(RAILA-DTI)is designed to perform risk assessment of intelligence-linked asset from the attacker’s perspective.After in-depth analysis,the model obtains a threat intelligence database with multi-dimensional features.In the last stage,the asset-intelligence correlation algorithm is designed to correlate the asset to be assessed with the database,and the overall risk assessment of the asset is finally realized by the correlated intelligence information.This Thesis demonstrates the validity and value of the MR-CAD model and CARA-DTI model and their proposed methods through experimental results and analysis.