A method and system for verifying suspicious threat indicators based on multi-instance learning

A multi-instance learning and indicator verification technology, applied to a method and system for verifying suspicious threat indicators. It addresses the problems of existing approaches, namely ignoring the semantic information in intelligence information, having no way to guarantee accuracy, and a high false positive rate of verification, and thereby reduces manual effort and error interference, improves accuracy, and strengthens active analysis.

Active Publication Date: 2021-06-01
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0004] The manual verification method based on security experts relies on the experience accumulated by those experts to manually analyze and sort out existing intelligence information, so the labor cost is high.
[0005] The verification method based on rule matching directly applies regular expressions to match suspicious indicators and ignores the semantic information in the intelligence information, resulting in a high false positive rate of verification.
[0006] The verification method based on specific context words needs to collect candidate context words in advance and then extract the matching context words from the intelligence information. This method is complex, and if the candidate set is not updated in time, the accuracy of verification cannot be guaranteed.


Examples


[0045] Example 1: A Suspicious Threat Indicator Verification Method Based on Multi-instance Learning

[0046] The present invention is applicable to the automatic verification of various types of suspicious threat indicators. This example uses suspicious APT domain names to illustrate the specific application of the present invention.

[0047] Given some suspicious APT domain names and multiple pieces of threat intelligence information related to them, this method can be used to automatically verify whether they are malicious domain names used in APT attacks. The specific steps are as follows:

[0048] 1) Preprocessing of relevant intelligence information

[0049] Take the suspicious APT domain name "jerrycoper.org" as an example to illustrate the preprocessing steps. There are currently 3 threat information reports related to it. First, match the suspicious APT domain name in each report and replace it with the specific phrase "IS_APT_DOMAIN", to avoid the impact of different sus...
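The preprocessing in [0049] and the per-indicator grouping described in the abstract can be sketched as follows. This is an added example, not code from the patent: the defanged-domain handling, the tokenizer, and the names `indicator_pattern`, `to_word_sequence` and `build_bags` are assumptions, and the sample reports are constructed.

```python
import re
from collections import defaultdict

PLACEHOLDER = "IS_APT_DOMAIN"  # the phrase given in paragraph [0049]

def indicator_pattern(domain):
    """Regex for one domain, written literally or defanged ('[.]', '(.)', '[dot]')."""
    dot = r"(?:\.|\[\.\]|\(\.\)|\[dot\])"
    body = dot.join(re.escape(label) for label in domain.split("."))
    # Lookarounds reject matches embedded in a longer hostname
    # (e.g. 'notjerrycoper.org' or 'jerrycoper.org.example').
    return re.compile(r"(?<![\w.-])" + body + r"(?!\.?[\w-])", re.IGNORECASE)

def to_word_sequence(report, domain):
    """Replace the indicator with the placeholder, then tokenize (assumed tokenizer)."""
    text, hits = indicator_pattern(domain).subn(" " + PLACEHOLDER + " ", report)
    if hits == 0:
        return None  # the report never names the indicator, so it is not an instance
    return [t if t == PLACEHOLDER else t.lower()
            for t in re.findall(r"[A-Za-z0-9_]+", text)]

def build_bags(reports):
    """Group word sequences into one bag of instances per suspicious indicator."""
    bags = defaultdict(list)
    for domain, report in reports:
        seq = to_word_sequence(report, domain)
        if seq is not None:
            bags[domain].append(seq)
    return dict(bags)

# Constructed sample reports (not taken from the patent).
SAMPLE_REPORTS = [
    ("jerrycoper.org", "The implant beacons to jerrycoper.org over HTTPS."),
    ("jerrycoper.org", "C2 server: hxxp://jerrycoper[.]org/update.php"),
    ("jerrycoper.org", "Sinkholed host JERRYCOPER.ORG was seen in March."),
    ("jerrycoper.org", "Unrelated note about notjerrycoper.org.example"),
]

if __name__ == "__main__":
    for domain, bag in build_bags(SAMPLE_REPORTS).items():
        print(domain, "->", len(bag), "instances")
        for seq in bag:
            print("   ", seq)
```

Each bag is the set of instances a multi-instance learner would label as a whole; replacing the domain with one fixed token keeps the model from memorizing individual indicator strings.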

Abstract

The invention discloses a method and system for verifying suspicious threat indicators based on multi-instance learning. The method is as follows: the text content of the intelligence information related to each suspicious threat indicator is processed to generate a word sequence that retains the original semantic information; for each suspicious threat indicator, a plurality of the processed word sequences corresponding to that indicator are selected, and a multi-instance learning algorithm is trained on the word sequences selected for each suspicious indicator to generate a multi-instance learning and verification model; natural language processing technology is used to process the intelligence information text of the suspicious threat indicator to be tested and generate the corresponding word sequence; then the multi-instance learning and verification model is used to predict and verify the word sequence corresponding to the suspicious threat indicator to be tested, and to determine whether that indicator is a malicious threat indicator. The invention can efficiently and accurately complete the verification of suspicious threat indicators.

Description

Technical field

[0001] The invention relates to the field of cyberspace security, in particular to a method and system for verifying suspicious threat indicators based on multi-instance learning.

Background

[0002] Suspicious threat indicator verification judges the maliciousness of suspicious indicators appearing in the network or in logs, that is, it determines whether they are real malicious threat indicators. Verifying suspicious threat indicators can identify network threats in a timely manner and ensure network security.

[0003] Specific suspicious threat indicators can be verified based on relevant intelligence information. At present, there are mainly three types of verification methods of this kind: one is the manual verification method based on security experts, that is, using security experts to analyze the collected relevant intelligence information and manually determine the threat of suspicious indicators; the other is the verification meth...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F16/9535, G06F40/30, G06F40/284, G06F40/289, G06N3/04
CPC: G06F40/284, G06F40/289, G06F40/30, G06F16/9535, G06N3/045
Inventor: 柳厅文, 张盼盼, 亚静, 李全刚, 时金桥
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI