电信科学 (Telecommunications Science) ›› 2018, Vol. 34 ›› Issue (3): 50-58. doi: 10.11959/j.issn.1000-0801.2018127

• Special topic: Cyberspace Security •

Big data security analysis method based on a self-updating threat intelligence database

侯艳芳 (Yanfang HOU), 王锦华 (Jinhua WANG)

  1. Mobile Internet System and Application National Engineering Laboratory, Shanghai 201315
  • Revised: 2018-03-09 Online: 2018-03-01 Published: 2018-04-02
  • About the authors: HOU Yanfang (1990- ), female, security researcher at the Mobile Internet System and Application Security National Engineering Laboratory; her main research interest is big data security technologies. | WANG Jinhua (1982- ), male, currently works at the Mobile Internet System and Application Security National Engineering Laboratory; his main research interests are cloud computing and big data security technologies.

Big data security analysis method based on self-update threat intelligence database

Yanfang HOU,Jinhua WANG   

  1. Mobile Internet System and Application Security National Engineering Laboratory, Shanghai 201315, China
  • Revised: 2018-03-09 Online: 2018-03-01 Published: 2018-04-02

Abstract (translated from the Chinese):

Big data security analysis methods generally match malicious behavior against an existing signature database. Such a method can only detect known attacks and cannot analyze or judge new, unknown attacks or complex variant attacks. Using big data analysis technology, the collected data is refined for its security value, realizing a value conversion from collected data to threat information, to threat knowledge, and on to threat intelligence, and forming high-value threat intelligence that is covert, value-selective, adversarial, predictive, decision-oriented, evidence-based and time-sensitive. This paper first analyzes the limitations of existing security analysis methods, then describes in detail how the threat intelligence database is constructed, and finally sets out the big data security analysis method based on the self-updating threat intelligence database. Big data security analysis based on a self-updating threat intelligence database can effectively uncover threats hidden in internet data and strengthen the existing security protection capabilities of internet enterprises, so that the initiative of proactive defense can be held in the security game.

Keywords: threat intelligence database, big data analysis, threat information, threat knowledge, self-update

Abstract:

Big data security analysis methods are generally based on an existing signature database against which malicious behaviors are matched and detected. Such a method can only detect known attacks and cannot analyze or judge new types of unknown attacks or complex variant attacks. Using big data analysis technology, the collected data is refined for its security value, realizing the value conversion from collected data through threat information and threat knowledge to threat intelligence, and forming high-value threat intelligence that is hidden, value-selective, adversarial, predictive, decision-oriented, evidence-based and time-sensitive. Firstly, the limitations of the existing security analysis methods are analyzed. Then the construction method of the threat intelligence database is introduced in detail. Finally, the big data security analysis method based on the self-updating threat intelligence database is described. Big data security analysis based on the self-updating threat intelligence database can effectively mine the threats hidden in internet data and strengthen the existing security protection capabilities of internet companies, so that the initiative of preemptive defense can be held during the security game.

Key words: threat intelligence database, big data analysis, threat information, threat knowledge, self-update
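The value chain the abstract describes (collected data to threat information, to threat knowledge, to threat intelligence, fed back into the matching store so that it self-updates and expires) as a small added Python sketch; this is illustrative code written for this page, not the authors' method, and the login events, the multi-target failure rule, its thresholds and the time-to-live are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not from the paper: (time, source, target, outcome)
BATCH_1 = [
    (100, "10.0.0.5", "198.51.100.10", "login_fail"),
    (101, "10.0.0.5", "198.51.100.11", "login_fail"),
    (102, "10.0.0.5", "198.51.100.12", "login_fail"),
    (103, "10.0.0.5", "198.51.100.13", "login_fail"),
    (104, "10.0.0.9", "198.51.100.10", "login_ok"),
]
BATCH_2 = [(500, "10.0.0.5", "198.51.100.20", "login_fail")]

def signature_match(events, store):
    """Static matching: only sources already in the store are flagged."""
    return [e for e in events if e[1] in store]

def threat_information(events):
    """Collected data -> threat information: per-source facts kept with context."""
    info = defaultdict(lambda: {"fails": [], "targets": set()})
    for t, src, dst, outcome in events:
        if outcome == "login_fail":
            info[src]["fails"].append(t)
            info[src]["targets"].add(dst)
    return info

def threat_knowledge(info, min_targets=3, window=60):
    """Threat information -> threat knowledge: a behaviour pattern plus its evidence."""
    knowledge = {}
    for src, facts in info.items():
        times = sorted(facts["fails"])
        # assumed rule: one source failing against many distinct targets in a short window
        if len(facts["targets"]) >= min_targets and times[-1] - times[0] <= window:
            knowledge[src] = {"pattern": "multi-target login failures", "evidence": times}
    return knowledge

def threat_intelligence(knowledge, now, ttl=3600):
    """Threat knowledge -> threat intelligence: a decision with confidence and expiry."""
    return {src: {"action": "block", "confidence": min(1.0, len(k["evidence"]) / 10),
                  "evidence": k["evidence"], "valid_until": now + ttl}
            for src, k in knowledge.items()}

def analyse(events, store, now):
    """One analysis pass: expire stale entries, match, derive new intelligence, store it."""
    for src in [s for s, i in store.items() if i["valid_until"] <= now]:
        del store[src]                      # time-sensitivity: stale intelligence is dropped
    hits = signature_match(events, store)   # detection against the current store
    fresh = threat_intelligence(threat_knowledge(threat_information(events)), now)
    store.update(fresh)                     # self-update: derived intelligence feeds back
    return hits
```

The first batch produces no signature hits because the store starts empty, but the derived entry makes the later event from the same source match; once the entry's validity lapses it is dropped again.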
