Method for actively acquiring and aggregating data based on multi-source intelligence

Abstract

The invention provides a method for actively acquiring and aggregating data based on multi-source intelligence. The method comprises the following steps: S1, acquiring IOC data; executing the step S2;S2, performing multi-information-source broadcasting on the IOC data; executing the step S3; S3, mapping the information data obtained by broadcasting in the step S2 into an information dimension; executing the step S4; and S4, aggregating the data of the information dimension. According to the invention, active collection and polymerization are carried out; the method can effectively solve the problems that existing intelligence data is incomplete in dimension and not rich in context information, is beneficial to forming an overall portrait of threat intelligence, effectively improves the capabilities of analysis dimension, threat intelligence reliability calculation and threat influence evaluation in an actual application scene based on the rich intelligence data, and strengthens the deep application of the threat intelligence.

Description

technical field [0001] The invention relates to an information collection method, in particular to a method for actively collecting and aggregating data based on multi-source intelligence. Background technique [0002] Threat intelligence has been used in security detection, security defense, and traceability application scenarios, and in actual application scenarios, it has exerted its rapid and comprehensive early warning capabilities to effectively prevent unknown threat intrusions. However, in the actual application process, after machine-readable IOCs such as threat IPs and threat domain names are detected to generate threats, it is difficult to evaluate the real impact of the IOC in the network environment due to insufficient background knowledge and intelligence dimensions. , and it is difficult to provide the next step of decision-making. [0003] The existing intelligence data aggregation technology solution is a passive data aggregation technology, that is, to map...

AI Technical Summary

Problems solved by technology

However, in the actual application process, after machine-readable IOCs such as threat IPs and threat domain names are detected to generate threats, it is difficult to evaluate the real impact of the IOC in the network environment due to insufficient background knowledge and intelligence dimensions. , and it is difficult to provide the next decision

[0003] The existing intelligence data aggregation technology solution is a passive data aggregation technology, that is, to map and correlate the data that can be collected. However, in the actual application process, it will be found that the type of aggregated data is incomplete. The status quo, such as regulations, will lead to the low richness of most intelligence data dimensions, or the omission of important intelligence data. Indeed, passive data aggregation is difficult to meet the quality requirements of intelligence data and the application of practical auxiliary judgment and decision-making.

Images