Safety device threat intelligence sharing method based on lightweight field body

Abstract

The invention relates to the technical field of threat intelligence and discloses a safety device threat intelligence sharing method based on a lightweight field body. The safety device threat intelligence sharing method comprises the following steps that 1, the lightweight body is adopted as an inter-device information communication medium, and a threat intelligence general-field body is established; 2, an intelligence producer localizes the threat intelligence general-field body, obtains original threat intelligence information from network space and converts and maps the original threat intelligence information into lightweight body knowledges; 3, an intelligence forwarding person forwards the lightweight body knowledges to an intelligence user based on body communication service; 4, the intelligence user converts and adapts the received lightweight body knowledges into locally dedicated strategy descriptions acting on operation of network space. The safety device threat intelligence sharing accuracy is improved, the expansibility, content correlation, interface opening and concept consistency capability of inter-device threat intelligence interaction is improved, and the threat intelligence sharing efficiency is improved.

Description

technical field [0001] The invention relates to the technical field of threat intelligence, in particular to a security device threat intelligence sharing method based on a lightweight domain ontology. Background technique [0002] At present, cyberspace threats are continuously increasing, and incidents of cyber attacks, data theft, and financial fraud continue to emerge, which have brought great threats and hidden dangers to the safe operation of cyberspace. The importance of the intelligence role in this attacker-defender game cannot be overlooked. On the one hand, the attacker needs comprehensive information and intelligence on the target to launch precise and targeted attacks; on the other hand, due to the high degree of uncertainty of the attack, the defender relies more on the collection and processing of intelligence for effective deployment, control and response . Intelligence in cyberspace is to protect cyberspace resources from threats and is mainly used in the ...

AI Technical Summary

Problems solved by technology

The format fields of the current protocol are strictly limited at the beginning of the design, which is poor in flexibility, difficult to expand, and limited in expressive ability;

[0005] (2) Content association of threat intelligence interaction between security devices

[0006] (3) Openness of interfaces for threat intelligence interaction between security devices

The protocol is mainly realized by the dedicated and closed modules developed by the manufacturers themselves, and the workload of information adaptation and transfer between multiple manufacturers is huge;

[0007] (4) The conceptual consistency of threat intelligence interaction between security devices

The definitions of the key elements of the protocol are not uniform and arbitrary, and it is difficult to form a consistent agreement and cognition on the concepts, terms and values ​​​​of the security field between devices of different manufacturers

[0008] The above problems make it extremely difficult to interconnect and interoperate threat intelligence information between devices of different manufacturers, and it is difficult to advance the automation process

Images