Computer Science ›› 2018, Vol. 45 ›› Issue (6): 9-18. doi: 10.11896/j.issn.1002-137X.2018.06.002
杨沛安1,2, 武杨1,3, 苏莉娅1,3, 刘宝旭1,3
YANG Pei-an1,2, WU Yang1,3, SU Li-ya1,3, LIU Bao-xu1,3
Abstract: Nowadays, new types of attacks represented by Advanced Persistent Threats (APT) are increasingly common, traditional security defenses are stretched thin, and the cyberspace security situation is growing more severe. Threat intelligence is rich in content, highly accurate and amenable to automated processing, and applying it to network security analysis can effectively improve defensive capability. Threat intelligence has therefore attracted growing attention, and both academia and industry have carried out research on threat intelligence analysis and sharing. This paper first analyzes the value and significance of threat intelligence and classifies threat intelligence and threat intelligence vendors; it then focuses on the main problems facing threat intelligence sharing technology, analyzing and summarizing the research and attempts by academia and industry to address these problems; finally, it looks ahead to future research directions in the field of threat intelligence sharing.