A Network Threat Intelligence Sharing Model

Abstract

The invention discloses a network threat information sharing model which comprises a data layer, a platform layer, a sharing layer and an application layer which longitudinally pass through threat information sharing. The network threat information sharing model aims to solve the problems that unified standards are absent between existing network threat information automatic processing and cross-department information sharing, the information sharing efficiency is low, and the leakage risk is caused by sharing. In order to provided the unified specifications and standards for cross-department information sharing, the network threat information sharing model comprises data sharing type standards, sharing protocol standards and the like; for the problem that the sharing efficiency is low, a mixed sharing technology is provided, and that is to say, the requirements of different information sharing applications are met by the modes such as concentrated sharing and point-to-point sharing; and for the leakage risk caused by sharing, an information sharing level classification method is provided, the sharing range of information is limited by different categories, and the leakage risk caused by excessive sharing is lowered.

Description

technical field [0001] The invention relates to a network threat intelligence sharing model. Background technique [0002] Cyber ​​threat intelligence (Cyber ​​Threat Intelligence, CTI) is to protect cyberspace resources from threats, using the experience and skills of security experts and professional groups to generate relevant information about security and threats, including vulnerabilities, threats, characteristics, lists The knowledge carrier of content, attributes, solutions, etc. is a new direction that has developed along with the rise of APT attacks in recent years. With the emergence of new threats in cyberspace, the research on network threat intelligence has attracted more and more attention. Pay attention to the development of cyberspace threat intelligence, and actively promote the introduction of relevant intelligence policies and standard formulation in terms of strategy, so that government agencies can better coordinate and share intelligence information. I...

AI Technical Summary

Problems solved by technology

[0006] In order to overcome the shortcomings of the prior art, the present invention provides a network threat intelligence sharing model, which aims to solve the current lack of unified specifications, low efficiency of intelligence sharing and intelligence due to The problem of the risk of disclosure caused by sharing

The present invention first proposes a threat intelligence sharing model, which provides unified norms and standards for the sharing of cross-departmental network threat intelligence, including data sharing format standards, sharing protocol standards, etc.; a hybrid sharing technology is proposed for the problem of low sharing efficiency , that is, centralized sharing, point-to-point sharing and other modes meet the needs of different intelligence sharing applications; in view of the problem of leaking risks brought about by sharing, a classification method for intelligence sharing levels is proposed, and the scope of intelligence sharing is limited according to different classifications, reducing the risk caused by excessive sharing. hidden danger of leaking

Images