A method and system for actively verifying suspicious threat indicators based on open source information
An indicator and suspicious technology, applied in the field of active verification of suspicious threat indicators, can solve the problems of inability to monitor open intelligence sources, incomplete open intelligence sources, and high cost, and achieve the effect of avoiding low intelligence coverage, easy implementation, and low cost.
Active Publication Date: 2020-08-25
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF10 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
This approach is passive, complex
Moreover, the public intelligence sources for fixed-point monitoring are incomplete, and it is impossible to monitor all public intelligence sources
In addition, it is necessary to analyze and organize information from different intelligence sources, which is costly
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0038] The present invention will be described in further detail below through specific embodiments and accompanying drawings.
[0039] This embodiment provides an active verification system for suspicious threat indicators based on open source information, such as figure 1 As shown, it includes: query design module, information collection module, data processing module, model training module, and index verification module.
[0040] The query design module is used to design a specific query statement to complete the query combination of suspicious threat indicators and specific scenarios, so as to quickly locate all public information related to suspicious threat indicators on the Internet;
[0041] The information collection module is used to collect and crawl the result information retrieved on the Internet according to specific query statements, so as to provide knowledge basis for the later verification of suspicious threat indicators.
[0042] The data processing module ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The present invention relates to a suspicious threat index active validation method and system based on source-opening information. The method comprises the following steps of: 1) designing a specialquery statement, wherein the special query statement is combination of suspicious threat indexes and special scenes; 2) collecting and crawling result information obtained through retrieval on the internet according to the special query statement; 3) performing structuring processing of the related source-opening information in the result information to obtain structural data; 4) employing the structural data to fully learn the hidden features and train a corresponding classification model; and 5) employing the classification model to verify the malevolence of the suspicious threat indexes inthe special scenes so as to identify the network threat. The system comprises a query design module, an information collection module, a data processing module, a model training module and an index verification module. The suspicious threat index active validation method and system based on source-opening information can efficiently and accurately complete the verification of the suspicious threatindexes to help users with identification of high-class threat attack so as to ensure network safety.
Description
technical field [0001] The invention belongs to the technical field of cyberspace security, and in particular relates to an active verification method and system for suspicious threat indicators based on open source information. Background technique [0002] In recent years, advanced network threats represented by APT (Advanced Persistent Threats) have grown rapidly and become increasingly complex. In order to ensure network security, some security companies, security vendors, or security researchers will publish professional articles such as security reports and technical blogs on the Internet to analyze existing advanced threat attacks and their technical details. This information helps people quickly understand the evolution and implementation process of existing cyber threats, discover early signs of attacks in a timely manner, and make appropriate defense responses. [0003] Suspicious threat indicators refer to indicators found in network traffic or logs that are not ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/08H04L63/1416H04L63/205
Inventor 亚静张盼盼柳厅文王玉斌李全刚王学宾时金桥
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI