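1. School of Information Science and Engineering, Hebei University of Science and Technology, Shijiazhuang, Hebei 050018
2. Hebei Key Laboratory of Network and Information Security, Hebei Normal University, Shijiazhuang, Hebei 050024
3. School of Economics and Management, Hebei University of Science and Technology, Shijiazhuang, Hebei 050018
4. Research Center for Big Data and Social Computing, Hebei University of Science and Technology, Shijiazhuang, Hebei 050018
ZHANG Hongbin (1976-), male, born in Zhaoxian, Hebei; Ph.D.; professor at Hebei University of Science and Technology. His main research interests include network security and management and the social Internet of Things.
YIN Yan (1997-), female, born in Dezhou, Shandong; master's student at Hebei University of Science and Technology. Her main research interest is network security and management.
ZHAO Dongmei (1966-), female, born in Shenzhou, Hebei; Ph.D.; professor at Hebei Normal University. Her main research interests include cyberspace security and artificial intelligence and its applications.
LIU Bin (1975-), male, born in Tangshan, Hebei; Ph.D.; professor at Hebei University of Science and Technology. His main research interests include big data, social computing and artificial intelligence.
Published online: 2021-06
Published in print: 2021-06-25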
Hongbin ZHANG, Yan YIN, Dongmei ZHAO, et al. Network security situational awareness model based on threat intelligence[J]. Journal on Communications, 2021, 42(6): 182-194. DOI: 10.11959/j.issn.1000-436x.2021106.
In order to deal with the problem that the increasing scale of networks in real environments leads to a continuously high incidence of network attacks, threat intelligence was applied to situational awareness, and a situational awareness model based on random game was constructed. Threat perception of the target system was performed by comparing the similarity between exogenous threat intelligence and the internal security events of the system. At the same time, internal threat intelligence was generated based on the threat information inside the system. In this process, game theory was used to quantify the current network security situation of the system and evaluate the security status of the network. Finally, prediction of the network security situation was realized. The experimental results show that the network security situational awareness model based on threat intelligence can correctly reflect changes in the network security situation and predict attack behaviors accurately.