Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (6): 88-96. doi: 10.11959/j.issn.2096-109x.2020078

• Academic Paper •

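Model of cyberspace threat early warning based on cross-domain and collaboration

Gang XIONG, Yuwei GE, Yanjie CHU, Weiquan CAO

  1. National Key Laboratory of Science and Technology on Blind Signal Processing, Chengdu 610041, China
  • Revised: 2020-07-28 Online: 2020-12-15 Published: 2020-12-16
  • About the authors: Gang XIONG (熊钢, 1986- ), male, born in Mianyang, Sichuan, Ph.D., assistant research fellow at the Blind Signal Processing Laboratory; main research interests: network security design and network anomaly detection | Yuwei GE (葛雨玮, 1991- ), male, born in Chengdu, Sichuan, master's degree, engineer at the Blind Signal Processing Laboratory; main research interests: network traffic analysis and binary analysis | Yanjie CHU (褚衍杰, 1982- ), male, born in Zaozhuang, Shandong, Ph.D., associate research fellow at the Blind Signal Processing Laboratory; main research interests: network architecture security and situational awareness | Weiquan CAO (曹卫权, 1989- ), male, born in Ningjin, Hebei, Ph.D., assistant research fellow at the Blind Signal Processing Laboratory; main research interests: software security and intelligent information processing
  • Supported by:
    Key Foundation Project of Chinese Ministry of Education (6141A02011904)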

Abstract:

Cyberspace threats are increasingly proactive, concealed, and ubiquitous, which poses a severe challenge to the traditional passive, local, and isolated mode of network defense. In view of the new trend of integrating big data, artificial intelligence, and network security, a cross-domain collaborative threat early warning model is proposed to enable cyberspace security protection and increase its efficiency. First, starting from the structure of cyberspace, the model constructs a functional framework with vertical and horizontal linkage by dividing security threat domains, decomposing system functions, and designing an information sharing mechanism. Second, to enhance threat information detection capability, a collaborative technology architecture with layered responsibilities is designed, and the key technologies for threat information perception, processing, and application are described. Finally, with the help of application scenarios, the capability increment of the proposed early warning model is described qualitatively.

Key words: network defense, artificial intelligence, big traffic data
