A threat information generation method and device

The technology, applied in the field of information processing, addresses two problems: threat intelligence is difficult for security personnel to understand and apply to the protection system, and the accuracy of entity recognition and relationship extraction for threat intelligence cannot achieve the expected results. Its effects are to make threat intelligence easier to understand, to reduce intelligence false positives, and to address the lack of context.

Active Publication Date: 2019-06-18
BEIHANG UNIV

AI Technical Summary

Problems solved by technology

However, the existing technologies mainly have the following two deficiencies. First, the accuracy of entity recognition and relationship extraction for threat intelligence cannot achieve the expected results. Second, the threat intelligence extracted from a single document carries only a very small amount of context information; such isolated indicators of compromise (IOCs) are difficult for security personnel to understand and apply to the protection system.

Embodiment Construction

[0020] Various exemplary embodiments of the present application will now be described in detail with reference to the accompanying drawings. It should be noted that the relative arrangements of components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present application unless specifically stated otherwise.

[0021] At the same time, it should be understood that, for the convenience of description, the sizes of the various parts shown in the drawings are not drawn according to the actual proportional relationship.

[0022] The following description of at least one exemplary embodiment is merely illustrative in nature and in no way serves as any limitation of the application, its application or uses.

[0023] Techniques, methods and devices known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate, such techniques, methods and devices should be considered part...


Abstract

The invention discloses a threat intelligence generation method and device. The method comprises the steps of: collecting description texts of various types of security events, and collecting a vulnerability database and an attack utilization database; filtering a first type of description text out of the collected description texts by using a regular expression to obtain a second type of description text, where the first type of description text does not comprise a threat field and the second type of description text comprises a threat field; classifying the second type of description text by using a convolutional neural network to obtain real threat information texts and false-positive threat information texts; extracting entities from the real threat information texts, extracting the relationships between the entities, and generating triple information based on those relationships; and generating a threat intelligence knowledge graph based on the triple information.
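The filtering and triple-generation steps of the abstract, as an added example that is not part of the patent: the regular expressions, the `co_occurs_with` relation and the sample reports are assumptions constructed for illustration, and the convolutional-network classification step is left out. It shows how merging triples from several reports gives one indicator more context than any single report carries.

```python
import re
from collections import defaultdict

# Assumed "threat field" patterns; the patent does not list its expressions.
THREAT_FIELDS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b"),
    "md5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
}

# Constructed sample reports (documentation IP range, placeholder CVE and hash).
REPORTS = {
    "r1": "Weekly newsletter: patch your systems and rotate passwords.",
    "r2": "Sample 0123456789abcdef0123456789abcdef beacons to 192.0.2.10.",
    "r3": "Host 192.0.2.10 probed targets for CVE-0000-0000 last week.",
}

def extract_fields(text):
    """Return the set of (kind, value) threat fields found in text."""
    return {(kind, m.group(0))
            for kind, rx in THREAT_FIELDS.items() for m in rx.finditer(text)}

def filter_texts(docs):
    """Drop texts with no threat field; keep those that have one."""
    return {doc_id: t for doc_id, t in docs.items() if extract_fields(t)}

def build_triples(docs):
    """Emit (head, relation, tail) for entities sharing a report."""
    triples = set()
    for text in docs.values():
        ents = sorted(value for _, value in extract_fields(text))
        for i, head in enumerate(ents):
            for tail in ents[i + 1:]:
                triples.add((head, "co_occurs_with", tail))
    return triples

def build_graph(triples):
    """Merge triples from all reports into one undirected graph."""
    graph = defaultdict(set)
    for head, _, tail in triples:
        graph[head].add(tail)
        graph[tail].add(head)
    return graph

def context(graph, entity):
    """Everything the merged graph links to one indicator."""
    return sorted(graph.get(entity, ()))

if __name__ == "__main__":
    kept = filter_texts(REPORTS)
    graph = build_graph(build_triples(kept))
    print(sorted(kept), context(graph, "192.0.2.10"))
```

In a fuller pipeline the co-occurrence relation would be replaced by the output of a trained relation extractor, and only texts the classifier marks as real threats would reach `build_triples`.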

Description

Technical field

[0001] The present application relates to information processing technologies, and in particular to a method and device for generating threat intelligence based on knowledge graphs.

Background technique

[0002] In recent years, network attack incidents have occurred frequently, their scope of influence has become wider and wider, and network attack technology has continued to improve; more threatening attack methods such as zero-day (0day) attacks and Advanced Persistent Threat (APT) attacks keep emerging. Traditional static security protection measures based on rule matching, such as firewalls and intrusion detection systems (IDS), have difficulty identifying and blocking this new type of unknown attack. In order to deal with such new types of network attacks, academia and industry have proposed active defense methods based on threat intelligence. However, the existing tech...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F17/27, G06F16/2458, G06F16/35, G06F16/36, G06F16/9535, G06N3/04, G06N3/08
Inventor: 李建欣, 赵军, 何祖逖, 朱天晨, 顾展鹏, 张日崇
Owner: BEIHANG UNIV