Computer Science, 2018, Vol. 45, Issue (6): 9-18. doi: 10.11896/j.issn.1002-137X.2018.06.002

• Surveys •

Overview of Threat Intelligence Sharing Technologies in Cyberspace

YANG Pei-an1,2, WU Yang1,3, SU Li-ya1,3, LIU Bao-xu1,3   

  1. University of Chinese Academy of Sciences, Beijing 100049, China;
  2. Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China;
  3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received: 2017-05-05; Online: 2018-06-15; Published: 2018-07-24

Abstract: New kinds of cyber-attack, such as APT and DDoS, combine high concealment, low attack cost and large attack effect. These properties let them easily evade traditional attack-detection measures, so the cyberspace security situation is becoming more and more severe and detecting and preventing such attacks has become much harder. Network defence based on CTI (Cyber Threat Intelligence) has proved to be a promising strategy for addressing this problem, and both academia and industry have invested heavily in CTI analysis and sharing. This paper introduces the meaning and value of CTI. Then, focusing on the sharing of threat intelligence, it studies and reviews in depth the existing work and developments in CTI sharing. Finally, it looks ahead to future research on CTI sharing.

Key words: Cyberspace security, Data mining, Intelligence sharing, Threat intelligence

CLC Number: TP309.2
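As an added example (not code from the paper or from any of the projects it cites), the block below shows the end-to-end use the abstract describes: an indicator bundle in the STIX 2.0 format referenced in [7] is received as a sharing partner would deliver it over TAXII, its patterns are parsed, and each is matched against local logs to produce detections. The bundle contents, the `key=value` log format, the addresses, domains and hash, and the helper names (`make_indicator`, `parse_pattern`, `observables_from_log`, `match_bundle`) are all constructed for this example; the pattern parser handles only the equality-and-OR subset of STIX patterning.

```python
"""Consume a shared STIX 2.0 indicator bundle and match it against local logs.

Added example: the bundle, log format, identifiers and values are all
constructed for illustration and belong to no real feed or product.
"""
import re
import uuid
from datetime import datetime, timezone

# Fixed timestamp so the constructed bundle is reproducible.
NOW = datetime(2018, 6, 15, tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
# Constructed 64-hex-digit SHA-256 value (not a real file hash).
HASH = "a1" * 32


def make_indicator(pattern, name, labels=("malicious-activity",)):
    """Build one STIX 2.0 Indicator object (the labels field is mandatory in 2.0)."""
    return {
        "type": "indicator",
        "id": "indicator--" + str(uuid.uuid4()),
        "created": NOW,
        "modified": NOW,
        "name": name,
        "labels": list(labels),
        "pattern": pattern,
        "valid_from": NOW,
    }


# Constructed bundle, shaped like the objects a TAXII 2.0 collection would return.
# Addresses use RFC 5737 documentation ranges; domains use RFC 2606 names.
SHARED_BUNDLE = {
    "type": "bundle",
    "id": "bundle--" + str(uuid.uuid4()),
    "spec_version": "2.0",
    "objects": [
        make_indicator("[ipv4-addr:value = '198.51.100.7']", "C2 server (constructed)"),
        make_indicator(
            "[domain-name:value = 'update.example.net' OR domain-name:value = 'cdn.example.org']",
            "C2 domains (constructed)",
        ),
        make_indicator("[file:hashes.'SHA-256' = '" + HASH + "']", "dropper hash (constructed)"),
    ],
}

# Subset of STIX patterning handled here: one observation expression in square
# brackets holding equality comparisons joined by OR. Anything else raises.
COMPARISON = re.compile(r"([\w-]+:[\w.'-]+)\s*=\s*'([^']*)'")


def parse_pattern(pattern):
    """Return [(object_path, value), ...] for the supported subset."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("unsupported pattern: " + pattern)
    terms = []
    for term in re.split(r"\s+OR\s+", body[1:-1]):
        m = COMPARISON.fullmatch(term.strip())
        if m is None:
            raise ValueError("unsupported comparison: " + term)
        terms.append((m.group(1), m.group(2)))
    return terms


# Constructed key=value proxy-log fields mapped onto STIX object paths.
LOG_FIELDS = {
    "src": "ipv4-addr:value",
    "dst": "ipv4-addr:value",
    "host": "domain-name:value",
    "sha256": "file:hashes.'SHA-256'",
}


def observables_from_log(line):
    """Map one log line onto {object_path: {observed values}}."""
    obs = {}
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        path = LOG_FIELDS.get(key)
        if path is not None:
            obs.setdefault(path, set()).add(value)
    return obs


def match_bundle(bundle, log_lines):
    """Return (indicator name, log line) pairs; any matching OR-term is a hit."""
    compiled = [
        (obj["name"], parse_pattern(obj["pattern"]))
        for obj in bundle["objects"]
        if obj["type"] == "indicator"
    ]
    hits = []
    for line in log_lines:
        obs = observables_from_log(line)
        for name, terms in compiled:
            if any(value in obs.get(path, ()) for path, value in terms):
                hits.append((name, line))
    return hits


# Constructed log lines; only the last three should trigger.
SAMPLE_LOGS = [
    "2018-06-15T10:01:02Z src=10.0.0.5 dst=203.0.113.9 host=www.example.com",
    "2018-06-15T10:01:07Z src=10.0.0.5 dst=198.51.100.7 host=update.example.net",
    "2018-06-15T10:02:11Z src=10.0.0.8 dst=203.0.113.20 host=cdn.example.org",
    "2018-06-15T10:03:40Z src=10.0.0.8 sha256=" + HASH,
]

if __name__ == "__main__":
    for name, line in match_bundle(SHARED_BUNDLE, SAMPLE_LOGS):
        print(f"HIT [{name}] {line}")
```

Run it directly to print the hits. Two caveats a practitioner would want: STIX patterning also allows AND, FOLLOWEDBY, MATCHES and temporal qualifiers, none of which this subset accepts (it raises on them rather than silently mis-matching); and in the terms of the Pyramid of Pain [8], IP addresses, domains and hashes are the cheapest indicators for an adversary to change, so a feed of atomic indicators like this one decays quickly and should be complemented by TTP-level intelligence.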
[1]LI J H.Overview of the technologies of threat intelligence sensing,sharing and analysis in cyber space [J].Chinese Journal of Network and Information Security,2016,2(2):16-29.(in Chinese)
[2]MA M H,FANG T,WANG Y.Analysis and Enlightenment of US Cybersecurity Information Sharing Mechanism [J].Journal of Intelligence,2016,35(3):17-23.(in Chinese)
[3]CNCERT/CC.2016 Report on the Development Status and Security of China's Mobile Internet [R].Beijing:Internet Emergency Response Center,2016.(in Chinese)
[4]SUN Z.The Attack and Defense Technology Research of Advanced Persistent Threat[D].Shanghai:Shanghai Jiao Tong University,2015.(in Chinese)
[5]CUI Y H,YAN L S,LI S F,et al.SD-Anti-DDoS:Fast and Efficient DDoS Defense in Software-Defined Networks [J].Journal of Network and Computer Applications,2016,68:65-79.
[6]YANG Z M,LI Q,LIU J R,et al.Research of Threat Intelligence Sharing and Using for Cyber Attack Attribution [J].Journal of Information Security Research,2015,1(1):31-36.(in Chinese)
[7]OASIS.stix-v2.0-csprd01-part1-stix-core[EB/OL].[2017-02-24].https://oasis-open.github.io/cti-documentation/stix/review.
[8]BIANCO D J.The Pyramid of Pain:Intel-Driven Detection & Response to Increase Your Adversary’s Cost of Operations[EB/OL].http://rvasec.com/slides/2014/Bianco_Pyramid%20of%20Pain.pdf.
[9]FireEye.APT28:At the Center of the Storm [EB/OL].[2017-01-11].https://www.fireeye.com/blog/threat-research/2017/01/apt28_at_the_center.html.
[10]360 SkyEye Lab.OceanLotus (海莲花) APT Analysis Report [EB/OL].http://bobao.360.cn/news/detail/1601.html.(in Chinese)
[11]BING Z."Dark Web":The Internet You Do Not Know [J].Secrecy Work,2016(2):47-48.(in Chinese)
[12]LI X.Research and Implementation of Identification for Tor Anonymous Communication Based on Meek[D].Beijing:Beijing Jiaotong University,2016.(in Chinese)
[13]EclecticIQ.About STIX and TAXII [EB/OL].https://www.eclecticiq.com/stix-taxii.
[14]OASIS Cyber Threat Intelligence (CTI) TC.About STIX[EB/OL] .https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cti-stix.
[15]OASIS Cyber Threat Intelligence (CTI) TC,The MITRE Corporation.TAXII 2.0 Draft 2 [EB/OL].https://docs.google.com/document/d/1eyhS3-fOlRkDB6N39Md6KZbvbCe3CjQlampiZPg-5u4.
[16]OASIS Cyber Threat Intelligence (CTI) TC.CybOX 2.1 [EB/OL].[2014-01-23].https://cyboxproject.github.io/releases/2.1.
[17]BURGER E W,GOODMAN M D,KAMPANAKIS P,et al.Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies [C]//Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security (WISCS'14).New York:ACM,2014:51-60.
[18]LIAO X J,YUAN K,WANG X F,et al.Acing the IOC Game:Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16).New York:ACM,2016:755-766.
[19]MANDIANT.Sophisticated Indicators for the Modern Threat Landscape:An Introduction to OpenIOC[EB/OL]. http://openioc.org/resources/An_Introduction_to_OpenIOC.pdf.
[20]BROWN S,GOMMERS J,SERRANO O.From Cyber Security Information Sharing to Threat Management[C]//Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security.New York:ACM,2015:43-49.
[21]FIELD J,BANGHART S,WALTERMIRE D.Resource-Oriented Lightweight Information Exchange draft-ietf-mile-rolie-01[EB/OL].(2015-12-02).https://tools.ietf.org/html/draft-ietf-mile-rolie-01.
[22]STEINBERGER J,SPEROTTO A,GOLLING M,et al.How to exchange security events? Overview and evaluation of formats and protocols [C]//IFIP/IEEE International Symposium on Integrated Network Management.New York:IEEE,2015:261-269.
[23]STEINBERGER J,SPEROTTO A,BAIER H,et al.Collaborative attack mitigation and response:A survey[C]//IFIP/IEEE International Symposium on Integrated Network Management.New York:IEEE,2015:910-913.
[24]KAMPANAKIS P,PERROS H,BEYENE T.SDN-based solutions for Moving Target Defense network protection[C]//IEEE International Symposium on World of Wireless,Mobile and Multimedia Networks.New York: IEEE,2014:1-6.
[25]TAKAHASHI T,MIYAMOTO D.Structured cyber security information exchange for streamlining incident response operations[C]//NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium.New York:IEEE,2016:949-954.
[26]USSATH M,JAEGER D,FENG C,et al.Pushing the Limits of Cyber Threat Intelligence:Extending STIX to Support Complex Patterns[M]// Information Technology:New Generations.New York:Springer International Publishing,2016:25-44.
[27]USSATH M,FENG C,MEINEL C.Concept for a security investigation framework[C]//International Conference on New Technologies,Mobility and Security.New York:IEEE,2015:1-5.
[28]ASGARLI E,BURGER E.Semantic ontologies for cyber threat sharing standards[C]//2016 IEEE Symposium on Technologies for Homeland Security (HST).Waltham:IEEE,2016:1-6.
[29]ZHAO W,WHITE G.A collaborative information sharing framework for Community Cyber Security[C]//Homeland Security.New York:IEEE,2012:457-462.
[30]KAMPANAKIS P.Security Automation and Threat Information-Sharing Options [J].IEEE Security & Privacy Magazine,2014,12(5):42-51.
[31]VÁZQUEZ D F,ACOSTA O P,BROWN S,et al.Conceptual framework for cyber defense information sharing within trust relationships [M].New York:IEEE,2012.
[32]HAASS J C,AHN G J,GRIMMELMANN F.ACTRA:A Case Study for Threat Information Sharing[C]//Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security(WISCS 2015).New York:ACM,2015:23-26.
[33]SANDHU R,KRISHNAN R,WHITE G B.Towards Secure Information Sharing models for community Cyber Security[C]//International Conference on Collaborative Computing:Networking,Applications and Worksharing.New York:IEEE,2010:1-6.
[34]TOSH D,SENGUPTA S,KAMHOUA C A,et al.Establishing evolutionary game models for cyber security information exchange (CYBEX) [J/OL].Journal of Computer & System Sciences,http://www.sciencedirect.com/science/article/pii/S002200001630085X?via%3Dihub.
[35]KAMHOUA C,MARTIN A,TOSH D K,et al.Cyber-Threats Information Sharing in Cloud Computing:A Game Theoretic Approach[C]//IEEE CS Cloud.New York:IEEE,2015:382-389.
[36]GARRIDO-PELAZ R,PASTRANA S.Shall We Collaborate?:A Model to Analyse the Benefits of Information Sharing[C]//ACM on Workshop on Information Sharing and Collaborative Security.New York:ACM,2016:15-24.
[37]QIAN P,WU M,LIU Z.A Method on Homomorphic Encryption Privacy-preserving for Cloud Computing [J].Journal of Chinese Computer Systems,2015,36(4):840-844.(in Chinese)
[38]WANG S H,HAN Z J,CHEN D W,et al.New construction of secure range query on encrypted data in cloud computing [J].Journal of Communications,2015,36(2):33-41.(in Chinese)
[39]CAI K,ZHANG M,FENG D G.Secure Range Query with Single Assertion on Encrypted Data [J].Chinese Journal of Computers,2011,34(11):2093-2103.(in Chinese)
[40]TIAN H B,HE J J,FU L Q.A Privacy Preserving Fair Contract Signing Protocol based on Block Chains [J].Journal of Cryptologic Research,2017,4(2):187-198.(in Chinese)
[41]SHEN X,PEI Q Q,LIU X F.Survey of block chain [J].Chinese Journal of Network and Information Security,2016,2(11):11-20.(in Chinese)
[42]LI Y,HE J B,LI J H,et al.Research on American Cyber Threat Intelligence Sharing Frameworks and Standards [J].Secrecy Science and Technology,2016(6):16-21.(in Chinese)
[43]LIN C X,XUE L M,HAN S.Analysis of the development and application of Network Security Threat Intelligence [J].Network Security Technology and Application,2016(6):12-13.(in Chinese)
[44]ZHANG Q,LI J H.Research on real time performance analysis of information sharing model based on publish-subscribe [J].Military Operations Research and Systems Engineering,2013,27(1):33-35.(in Chinese)
[45]JASPER S E U S.Cyber Threat Intelligence Sharing Frameworks[J].International Journal of Intelligence & Counterintelligence,2017,30(1):53-65.
[46]QAMAR S,ANWAR Z,RAHMAN M A,et al.Data-driven analytics for cyber-threat intelligence and information sharing [J].Computers & Security,2017,67:35-58.
[47]AGRAWAL R,EVFIMIEVSKI A,SRIKANT R.Information sharing across private databases[C]//Proceedings of the 2003 ACM SIGMOD International Conference on Management of Data.New York:ACM,2003:86-97.
[48]APPALA S,CAM-WINGET N,MCGREW D,et al.An Actionable Threat Intelligence system using a Publish-Subscribe communications model[C]//ACM Workshop on Information Sharing and Collaborative Security.New York:ACM,2015:61-70.
[49]DOG S E,TWEED A,ROUSE L R,et al.Strategic Cyber Threat Intelligence Sharing:A Case Study of IDS Logs[C]//International Conference on Computer Communication and Networks.New York:IEEE,2016:1-6.
[50]KSHETRI N.Recent US Cybersecurity Policy Initiatives:Challenges and Implications [J].Computer,2015,48(7):64-69.
[51]ALBERTS C,DOROFEE A.OCTAVE(SM) Threat Profiles [EB/OL].http://trygstad.rice.iit.edu:8000/Audits/octave/OCTAVEThreatProfiles(CERT).pdf.
[52]SILLABER C,SAUERWEIN C,MUSSMANN A,et al.Data Quality Challenges and Future Research Directions in Threat Intelligence Sharing Practice [C]//ACM on Workshop on Information Sharing and Collaborative Security.New York:ACM,2016:65-70.