A Traceability Method of Network Attacks Combining Threat Intelligence and Knowledge Graph
[Research purpose] Attack traceability is an important part of cyberspace security assurance. Faced with cyberspace data that are massive, heterogeneous, diverse and loosely structured, it is urgent to combine big data analysis with artificial intelligence to effectively identify the threat of adversary attacks, trace the attack chain and the attack organization behind it, and implement targeted defense.

[Research method] Aiming at the difficulty of identifying attack threat characteristics, this paper proposes a knowledge-graph-driven network attack traceability method. First, an attack event framework is constructed with the vulnerability exploitation action as its core, and alarm correlation is performed on an event basis to reconstruct attack scenarios. On this basis, a threat fingerprint knowledge graph is used to integrate published threat intelligence knowledge; the threat features in the attack scenario are extracted as fingerprints, the similarity between the two is analyzed, and the attackers are traced.

[Research conclusion] The experimental results show that this method can enrich the context information of attack behavior by using the attack event framework, and can effectively trace the attackers based on the knowledge graph, thus making use of existing threat intelligence on attackers to enhance the comprehensiveness of advanced persistent attack threat feature recognition.
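The following is an added illustration of the pipeline the abstract sketches (event-based alarm correlation around an exploitation step, fingerprint extraction, and similarity matching against actor knowledge from threat intelligence). It is not code from the paper: the alert stream, the actor knowledge graph, the time-window grouping rule and the weighted-set (Jaccard) similarity are all assumptions chosen for the example; the paper does not specify its correlation rule or similarity measure. Technique labels are MITRE ATT&CK IDs used only as feature tokens, and the CVE string is a placeholder.

```python
"""Illustrative attribution pipeline (constructed example, not the paper's code):
1. correlate alerts into attack events per source/destination pair,
2. keep events that contain a vulnerability-exploitation step,
3. extract a threat fingerprint (set of feature tokens),
4. compare it against per-actor fingerprints from a small knowledge graph.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Alert:
    ts: int                 # seconds since start of capture (constructed)
    src: str
    dst: str
    technique: str          # ATT&CK technique ID used as a feature label
    cve: Optional[str] = None  # set when the alert is an exploitation attempt


# Constructed alert stream: one exploit-centred chain, one late scan on the
# same pair, and an unrelated scan from another host.
ALERTS: List[Alert] = [
    Alert(0,    "10.0.0.5", "10.0.1.20", "T1190", "CVE-PLACEHOLDER-1"),  # exploit public app
    Alert(120,  "10.0.0.5", "10.0.1.20", "T1059"),                       # command interpreter
    Alert(300,  "10.0.0.5", "10.0.1.20", "T1071"),                       # application-layer C2
    Alert(5000, "10.0.0.5", "10.0.1.20", "T1046"),                       # much later: service scan
    Alert(50,   "10.0.0.9", "10.0.1.21", "T1046"),                       # unrelated scan
]


def correlate_events(alerts: List[Alert], window: int = 600) -> List[List[Alert]]:
    """Group alerts by (src, dst) and split a group into separate events
    whenever the gap between consecutive alerts exceeds `window` seconds.
    The window rule is an assumption of this example."""
    by_pair: Dict[Tuple[str, str], List[Alert]] = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_pair[(a.src, a.dst)].append(a)
    events: List[List[Alert]] = []
    for seq in by_pair.values():
        current = [seq[0]]
        for a in seq[1:]:
            if a.ts - current[-1].ts > window:
                events.append(current)
                current = [a]
            else:
                current.append(a)
        events.append(current)
    return events


def exploit_centred_events(events: List[List[Alert]]) -> List[List[Alert]]:
    """Keep only events that contain a vulnerability-exploitation action,
    mirroring the abstract's exploitation-centred event framework."""
    return [e for e in events if any(a.cve for a in e)]


def fingerprint(event: List[Alert]) -> FrozenSet[str]:
    """Extract threat features from an event as tagged tokens."""
    feats = set()
    for a in event:
        feats.add("tech:" + a.technique)
        if a.cve:
            feats.add("cve:" + a.cve)
    return frozenset(feats)


# Constructed knowledge graph, flattened to actor -> feature set edges.
KG: Dict[str, FrozenSet[str]] = {
    "ACTOR-A": frozenset({"tech:T1190", "cve:CVE-PLACEHOLDER-1", "tech:T1059", "tech:T1105"}),
    "ACTOR-B": frozenset({"tech:T1566", "tech:T1059", "tech:T1071"}),
    "ACTOR-C": frozenset({"tech:T1046"}),
}


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Set similarity; chosen for the example, not taken from the paper."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def attribute(fp: FrozenSet[str], kg: Dict[str, FrozenSet[str]],
              threshold: float = 0.5) -> Tuple[Optional[str], Dict[str, float]]:
    """Score the fingerprint against every actor; return the best actor if it
    clears the threshold (else None) together with all scores for review."""
    scores = {actor: jaccard(fp, feats) for actor, feats in kg.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None), scores


def run_demo() -> Tuple[Optional[str], Dict[str, float]]:
    events = exploit_centred_events(correlate_events(ALERTS))
    return attribute(fingerprint(events[0]), KG)


if __name__ == "__main__":
    actor, scores = run_demo()
    print("attributed to:", actor)
    for name, s in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"  {name}: {s:.2f}")
```

Returning the full score table alongside the best match matters in practice: a single top hit with a small margin over the runner-up (here 0.60 versus 0.40) should be reviewed by an analyst rather than acted on automatically, and events without an exploitation step are deliberately excluded from attribution so that noisy scanning alerts do not dilute the fingerprint.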