作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2020, Vol. 46 ›› Issue (1): 136-143. doi: 10.19678/j.issn.1000-3428.0051157

• 网络空间安全 • 上一篇    下一篇

面向攻击识别的威胁情报画像分析

杨沛安1,2, 刘宝旭1,3, 杜翔宇1,3   

  1. 1. 中国科学院大学, 北京 100049;
    2. 中国科学院高能物理研究所, 北京 100049;
    3. 中国科学院信息工程研究所, 北京 100093
  • 收稿日期:2018-11-10 修回日期:2018-12-15 出版日期:2020-01-15 发布日期:2018-12-16
  • 作者简介:杨沛安(1988-),男,博士研究生,主研方向为网络信息安全;刘宝旭,研究员、博士生导师;杜翔宇,博士研究生。
  • 基金资助:
    北京市科委基金(Z161100002616032)。

Portrait Analysis of Threat Intelligence for Attack Recognition

YANG Peian1,2, LIU Baoxu1,3, DU Xiangyu1,3   

  1. 1. University of Chinese Academy of Sciences, Beijing 100049, China;
    2. Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China;
    3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received:2018-11-10 Revised:2018-12-15 Online:2020-01-15 Published:2018-12-16

摘要: 新型网络攻击向高隐蔽性、高持久性和高扩散性的方向发展,导致攻击识别与检测难度骤增。为提高网络攻击识别的效率与准确性,提出一种面向攻击识别的威胁情报画像分析方法。建立攻击画像数据表达规范,基于Killchain模型和攻击原理,构建威胁属性状态转移关系的挖掘模型,提取属性状态转移序列。在此基础上,利用有色Petri网攻击图在因果关系处理和表达上的优势进行基于威胁属性的关联,并将相关要素与属性转换为要素原子图。通过要素融合算法对要素原子图进行融合,实现威胁情报画像分析。实际攻击事件分析过程中的应用结果表明,该方法能提高网络攻击识别准确度,并缩短攻击识别响应周期。

关键词: 攻击识别, 威胁情报, 情报分析, 攻击图, 关联分析

Abstract: New network attacks are getting more covert and persistent with a high proliferation,resulting in a sudden increase in the difficulty of attack recognition and detection. To improve the efficiency and accuracy of network attack recognition,this paper proposes a portrait analysis method of threat intelligence for attack recognition. Based on the Killchain model and the principles of attack process,this method builds data representation standards for attack graph,so as to build a mining model of transition relationships between threat attribute states. Then the attribute state transition sequence is extracted. On this basis,the this method takes advantages of the Colored Petri Net(CPN) attack graph in causality processing and expression to associate threat attributes,and converts related elements and attributes to an Element Atomic Graph(EAG).The EAG is fused using the element fusion algorithm to implement portrait analysis of threat intelligence.Application results in actual attack analysis demonstrate that the proposed method can improve accuracy of network attack recognition,and shorten the response period of attack recognition.

Key words: attack recognition, threat intelligence, intelligence analysis, attack graph, association analysis

中图分类号: