Journal of Yanshan University, 2024, Vol. 48, Issue (4): 369-376, 8. DOI: 10.3969/j.issn.1007-791X.2024.04.009
Research and implementation of cyber threat intelligence analysis framework
Abstract
Cyber threat intelligence (CTI) is based on a large amount of network threat intelligence data. Through information sharing and mass collaboration, rapid early warning, detection and response to network threats can be achieved. How to quickly and accurately extract network security information from massive CTI reports has become a hot and difficult research topic. In this article, a framework for analyzing cyber threat intelligence is proposed, and the current full-cycle processing of cyber threat intelligence is summarized. Application examples under this framework are given: creating an open CTI dataset based on the BRAT tagging system, proposing an entity and relationship information extraction algorithm, realizing the association cognition of malicious IP domain names based on heterogeneous information maps, etc. Finally, an embedded expression based on the combination of XLNet and a cyber security dictionary is proposed, which brings the accuracy of named entity recognition to 95.27% and serves as a reference and experimental baseline for the analysis and comparison of cyber threat intelligence entity recognition, which is the basis of CTI analysis.
Keywords
cyber threat intelligence / deep learning / multi-head attention mechanism / named entity recognition
Classification
Information technology and security science
Cite this article
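He Famei, Liu Runshi, Jia Sainan, Yue Huanzhou, Wang Xuren. Research and implementation of cyber threat intelligence analysis framework [J]. Journal of Yanshan University, 2024, 48(4): 369-376, 8.
Funding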
National Natural Science Foundation of China (61872252)
Strategic Priority Research Program of the Chinese Academy of Sciences (XDC02030200)