基于机器学习的多源威胁情报质量评价方法

doi:10.11959/j.issn.1000-0801.2020010

Abstract

Abstract:

During the collection process of multi-source threat intelligence,it is very hard for the intelligence center to make a scientific decision to massive intelligence because the data value density is low,the intelligence repeatabil-ity is high,and the ineffective time is very short,etc.Based on those problems,a new multi-source threat intelligence confidence value evaluation method was put forward based on machine learning.First of all,according to the STIX intelligence standard format,a multi-source intelligence data standardization process was designed.Secondly,ac-cording to the characteristic of data,14 characteristics were extracted from four dimensions of publishing time,source,intelligence content and blacklist matching degree to be the basis of determining the intelligence reliability.After getting the feature encoding,an intelligence confidence value evaluation model was designed based on deep neural network algorithm and Softmax classifier.Backward propagation algorithm was also used to minimize recon-struction error.Last but not least,according to the 2 000 open source marked sample data,k-ford cross-validation method was used to evaluate the model and get an average of 91.37% macro-P rate and 84.89% macro-R rate.It was a good reference for multi-source threat intelligence confidence evaluation.

Key words: information safety, threat intelligence, confidence evaluation, deep neural network

CLC Number:

TP393

Hansheng LIU,Hongyu TANG,Mingxia BO,Jianfeng NIU,Tianbo LI,Lingxiao LI. A multi-source threat intelligence confidence value evaluation method based on machine learning[J]. Telecommunications Science, 2020, 36(1): 119-126.

Figures/Tables 8

References 12

[1]	DANDURAND L , SERRANO O S . Towards improved cyber security information sharing[Z]. 2013.
[2]	刘春年, 张凌宇 . 应急信息可信度研究范式的三维阐释与构建——基于工程化思维与 WSR 方法论[J]. 现代情报, 2017,37(6): 24-30.
	LIU C N , ZHANG L Y . Three dimensional interpretation and construction of emergency information credibility research paradigm_based on engineering thinking and WSR methodology[J]. Journal of Modern Information, 2017,37(6): 24-30.
[3]	贺雅琪 . 多源异构数据融合关键技术研究及其应用[D]. 成都:电子科技大学, 2018.
	HE Y Q . Research and applications on the key technology of multi-source heterogeneous data fusion[D]. Chengdu:University of Electronic Science and Technology of China, 2018.
[4]	徐留杰, 翟江涛, 杨康 ,等. 一种多源网络安全威胁情报采集与封装技术[J]. 网络安全技术与应用, 2018(10): 23-26.
	XU L J , ZHAI J T , YANG K ,et al. A multi-source network security threat information collection and packaging technology[J]. Network Security Technology ＆ Application, 2018(10): 23-26.
[5]	MOHAISEN A,AL-IBRAHIM O , KAMHOUA C ,et al. Re-thinking information sharing for threat intelligence[Z]. 2017.
[6]	STHONNARD O , DACIER M . Actionable knowledge discov-ery for threats intelligence support using a multi-dimensional data mining methodology[Z]. 2008.
[7]	QAMAR S , ANWAR Z , RAHMAN M A ,et al. Data-driven analytics for cyber-threat intelligence and information shar-ing[J]. Computers ＆ Security, 2017(67): 35-58.
[8]	侯艳芳, 王锦华 . 基于自更新威胁情报库的大数据安全分析方法[J]. 电信科学, 2018,34(3): 56-64.
	HOU Y F , WANG J H . Big data security analysis method based on self-update threat intelligence database[J]. Telecommunications Science, 2018,34(3): 56-64.
[9]	李蕾 . 网络空间中威胁情报可信度多维度分析模型研究[D]. 北京:北京邮电大学, 2018.
	LI L . Study on the multi-dimensional analysis model of threat intelligence credibility in cyberspace[D]. Beijing:Beijing University of Posts and Telecommunications, 2018.
[10]	BOU-HARB E , LUCIA W , FORTI N ,et al. Cyber meets control:a novel federated approach for resilient cps leveraging real cyber threat intelligence[J]. IEEE Communications Magazine, 2017: 2-8.
[11]	SERKETZIS N , KATOS V , ILIOUDIS C ,et al. Actionable threat intelligence for digital forensics readiness[J]. Information＆ Computer Security, 2019,27(2).
[12]	方滨兴 . 定义网络空间安全[J]. 网络与信息安全学报, 2018,4(1): 1-5.
	FANG B X . Define cyberspace security[J]. Chinese Journal of Network and Information Security, 2018,4(1): 1-5.

Metrics

Recommended 0

No Suggested Reading articles found!

符号（特征）	描述	示例（将时间转换为毫秒值）
T_now	当前时间	1 559 638 191 019
T_latest	情报最近发布时间	1 559 638 132 222
T_sec	情报发布时间2（空为0）	1 559 638 131 115
T_thir	情报发布时间3（空为0）	0

符号（特征）	描述	示例
T_attack	攻击类型（可包含多种）	100000010000
N_IP地址	情报中恶意IP地址个数	4
P_longitude	情报中一个随机IP地址或域名经度	27.32
P_latitude	情报中一个随机IP地址或域名纬度	106.37
N_domain	情报中恶意域名个数	2
N_url	情报中恶意URL个数	5
N_hash	情报中恶意Hash个数	3

符号（特征）	描述	示例
C_IP地址	与黑名单库IP地址重叠个数	3
C_domain	与黑名单库域名重叠个数	5
C_url	与黑名单库URL重叠个数	1
C_hash	与黑名单库Hash重叠个数	2

算法	macroP	macroR	macroF1
本文算法	91.37%	84.89%	88.01%
SVM	85.30%	80.26%	82.74%
决策树算法	75.71%	68.34%	71.83%

A multi-source threat intelligence confidence value evaluation method based on machine learning

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 12

Related Articles 11

Metrics

Recommended 0

[1]	Min LU, Zehao QIN, Zhihui CHEN, Min ZHANG, Guangxue YUE. 1D-Concatenate based channel estimation DNN model optimization method [J]. Telecommunications Science, 2023, 39(4): 71-86.
[2]	Weixiong CHEN, Xiaochen YANG, Zengjun CHUN, Ruolan LI, Hua ZHANG. Research and practice of network security threat intelligence management system for power enterprise [J]. Telecommunications Science, 2022, 38(7): 184-189.
[3]	Panpan LI, Zhengxia XIE, Guangxue YUE, Xin LIU. Research progress and trends of deep learning based wireless communication receiving method [J]. Telecommunications Science, 2022, 38(2): 1-17.
[4]	Haitao ZHANG, Yi JIANG, Shijie ZHU, Qi CHEN. Research and application exploration of threat intelligence system of telecom operators [J]. Telecommunications Science, 2022, 38(12): 121-132.
[5]	Shujun SUN, Shengliang PENG, Yudong YAO, Xi YANG. A survey of deep learning based modulation recognition [J]. Telecommunications Science, 2021, 37(5): 82-90.
[6]	Rui MIN. A survey of efficient deep neural network [J]. Telecommunications Science, 2020, 36(4): 115-124.
[7]	Yajie LI,Yongli ZHAO,Shoudong LIU,Jie ZHANG. Overview of research on fiber nonlinear equalization algorithm based on artificial intelligence [J]. Telecommunications Science, 2020, 36(3): 61-70.
[8]	Mingxia BO,Hongyu TANG,Chen MA,Jian ZHANG. Application of security threat intelligence based on big data analysis in telecom operators [J]. Telecommunications Science, 2020, 36(11): 127-133.
[9]	Yang YU,Shaomin ZHU,Chaoyi BIAN. Knowledge graph based ubiquitous power IoT security visualization technology [J]. Telecommunications Science, 2019, 35(11): 132-139.
[10]	Yanfang HOU,Jinhua WANG. Big data security analysis method based on self-update threat intelligence database [J]. Telecommunications Science, 2018, 34(3): 50-58.
[11]	Haikun WANG,Jia PAN,Cong LIU. Research development and forecast of automatic speech recognition technologies [J]. Telecommunications Science, 2018, 34(2): 1-11.