Network threat intelligence credibility identification method

An identification method and reliability technology, applied in data exchange networks, digital transmission systems, electrical components, etc., that addresses the growing amount of intelligence, the reduced efficiency of threat intelligence utilization, and the inability to measure threat intelligence indicators.

Inactive Publication Date: 2019-04-23
INST OF INFORMATION ENG CAS
0 Cites, 18 Cited by

AI Technical Summary

Problems solved by technology

First, because threat intelligence is multi-source, a single intelligence source cannot meet all needs, and subscribing to multiple intelligence sources generates too many alarms. There are also multi-level and multi-category correlations between threat intelligence, so as the level of analysis deepens, the amount of intelligence generated increases exponentially.
Second, threat intelligence data contains a large number of false positive indicators, which reduces the utilization efficiency of threat intelligence.
The macro-assessment method takes the entire threat intelligence source as the evaluation object and evaluates and quantifies the quality of intelligence information along multiple dimensions such as relevance, accuracy, completeness, timeliness, and usability. The results can measure the overall quality of a threat intelligence source, but cannot measure specific threat intelligence indicators.
The micro-assessment method takes a single threat intelligence indicator as the evaluation object, which can filter out a large number of false positive intelligence indicators and reduce the amount of threat intelligence data. However, it is still mainly performed manually by domain experts and cannot be applied to large-scale threat intelligence data.


Embodiment Construction

[0012] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the purpose, features and advantages of the present invention more obvious and comprehensible, the technical core of the present invention will be further described in detail below in conjunction with examples.

[0013] In the present invention, a method for reputation measurement of network threat indicators is proposed.

[0014] The steps of this method include:

[0015] Step 1. Construct the correlation graph model of network threat intelligence. This module builds a network graph of threat intelligence relationships. The graph is composed of nodes and edges: each node represents a network threat indicator, and the node types include IP, URL, Domain, Email, Incident, and MD5. The edge types fall into three categories, including associations based on analytical services, ...

Abstract

The invention discloses a network threat intelligence credibility identification method. The method comprises the following steps: 1) constructing an association graph model of network threat intelligence, in which each node on the graph is a network threat indicator; 2) calculating an initial reputation value for each network threat indicator, which serves as one part of the indicator's final threat reputation value; 3) calculating a weight for each edge in the association graph model; 4) designing a threat propagation algorithm based on the idea of graph propagation algorithms, so that the threat reputation value is propagated step by step between nodes and their neighboring nodes, and then combining the propagated threat reputation value with the initial reputation value of each network threat indicator to calculate a final reputation value; and 5) determining the credibility of the network threat intelligence according to the final reputation value of the network threat indicator. By adopting this method, the quality of network threat intelligence can be better evaluated.
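The five steps of the abstract can be sketched as follows. This is an added illustration, not the patent's own algorithm: the page does not give the formulas, so the update rule (a damped weighted mean of neighbour scores), `ALPHA`, `THRESHOLD`, the edge weights and all sample indicators are assumptions constructed for the example.

```python
from collections import defaultdict

ALPHA = 0.6      # assumed share of the final score taken from neighbours
THRESHOLD = 0.4  # assumed cut-off for treating an indicator as a credible threat

def build_graph(edges):
    """Steps 1 and 3: undirected association graph with a weight per edge."""
    adj = defaultdict(dict)
    for a, b, w in edges:
        adj[a][b] = w
        adj[b][a] = w
    return dict(adj)

def propagate(adj, initial, alpha=ALPHA, max_iter=200, tol=1e-10):
    """Step 4 (assumed rule): r = (1-alpha)*initial + alpha*weighted mean of neighbours."""
    nodes = set(initial) | set(adj)
    rep = {n: initial.get(n, 0.0) for n in nodes}
    for _ in range(max_iter):
        new = {}
        for n in nodes:
            nbrs = adj.get(n, {})
            total = sum(nbrs.values())
            if total == 0:  # isolated indicator: nothing to propagate
                new[n] = initial.get(n, 0.0)
                continue
            mean = sum(w * rep[m] for m, w in nbrs.items()) / total
            new[n] = (1 - alpha) * initial.get(n, 0.0) + alpha * mean
        delta = max(abs(new[n] - rep[n]) for n in nodes)
        rep = new
        if delta < tol:  # converged; the update is a contraction for alpha < 1
            break
    return rep

def credible(rep, threshold=THRESHOLD):
    """Step 5: indicators whose final reputation reaches the threshold."""
    return sorted(n for n, r in rep.items() if r >= threshold)

# Constructed sample indicators (documentation address ranges, placeholder hash).
DOMAIN = ("Domain", "bad.example")
URL = ("URL", "http://bad.example/payload")
IP = ("IP", "203.0.113.7")
MD5 = ("MD5", "constructed-sample-hash")
LONE = ("IP", "198.51.100.9")

# Step 2: initial reputation values (assumed, e.g. from source scoring).
INITIAL = {DOMAIN: 0.9, URL: 0.8, IP: 0.0, MD5: 0.2, LONE: 0.1}
GRAPH = build_graph([(DOMAIN, IP, 1.0), (URL, DOMAIN, 1.0), (MD5, URL, 0.5)])
SCORES = propagate(GRAPH, INITIAL)

if __name__ == "__main__":
    for node in sorted(SCORES):
        print(node, round(SCORES[node], 3))
```

The IP starts with no reputation of its own and ends above the threshold only because of its association with the high-reputation domain, while the unconnected IP keeps its initial value.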

Description

Technical field

[0001] The invention relates to the field of computer network security and is used for quantifying the quality of network threat intelligence; more specifically, it is a method for measuring the reputation of network threat indicators.

Background technique

[0002] Threat intelligence is evidence-based knowledge including scenarios, mechanisms, indicators, implications, and actionable recommendations. For existing or emerging threats, it can provide decision-making information for subjects to respond to related threats. An Indicator of Compromise (IoC for short) is indicator data used to identify or point out a specific threat in a specific network environment or information system. Its credibility degree (reputation) is its key characteristic. Faced with new threats, threat intelligence has evolved from a vulnerability-centered defense idea to a threat-centered defense idea. Threat intelligence trades space for time. Compared with traditional security defenses, it can ...

Application Information

IPC(8): H04L29/06, H04L12/24
CPC: H04L41/142, H04L41/145, H04L63/1441
Inventor: 杜翔宇, 姜政伟, 韩瑶鹏, 江钧, 宋秉华, 刘宝旭
Owner: INST OF INFORMATION ENG CAS