Method for actively acquiring and aggregating data based on multi-source intelligence

An active data collection and aggregation technology, applied in electrical components, transmission systems, etc. It addresses problems such as difficult decision-making, difficulty meeting intelligence data quality requirements, and incomplete aggregated data types, with the effect of strengthening in-depth application, broadening analysis dimensions, and remedying incomplete dimensions.

Active Publication Date: 2020-02-07
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

However, in actual use, after machine-readable IOCs such as threat IPs and threat domain names are detected and generate threat alerts, it is difficult to evaluate the real impact of the IOC in the network environment because background knowledge and intelligence dimensions are insufficient, and it is difficult to provide the next decision.
[0003] The existing intelligence data aggregation solution is passive: it maps and correlates only the data that can be collected. In actual use, however, the types of aggregated data turn out to be incomplete. Existing conditions, such as regulations, leave most intelligence data with low dimensional richness, or cause important intelligence data to be omitted. Indeed, passive data aggregation struggles to meet the quality requirements of intelligence data and to support practical judgment and decision-making.

Examples

Embodiment 1

[0041] Embodiment 1 is a method for actively collecting and aggregating data based on multi-source intelligence. As shown in Figure 1, the invention actively broadcasts existing threat IOC data (including threat IPs, domain names, and file hashes) to multiple types of intelligence sources, performs query, extraction, analysis, and mapping on the results, and finally aggregates them into multi-dimensional data for the IOC, enriching the intelligence context information.

[0042] The method includes the following steps:

[0043] S1. Obtain IOC data;

[0044] From the threat intelligence database, extract the IOC data with a low degree of completeness, taking IP / domain name / HASH as the main types.

[0045] S2. Multi-source broadcasting;

[0046] Broadcast the obtained low-completeness IOC data to multi-channel intelligence sources. The broadcast mechanism works as follows:

[0047] Use the threat IP / domain name / H...


Abstract

The invention provides a method for actively acquiring and aggregating data based on multi-source intelligence. The method comprises the following steps: S1, acquiring IOC data, then executing step S2; S2, broadcasting the IOC data to multiple intelligence sources, then executing step S3; S3, mapping the intelligence data obtained by the broadcast in step S2 into intelligence dimensions, then executing step S4; and S4, aggregating the data of the intelligence dimensions. Because collection and aggregation are carried out actively, the method can effectively solve the problems that existing intelligence data is incomplete in dimension and poor in context information. It helps form an overall portrait of threat intelligence and, based on the enriched intelligence data, effectively improves analysis dimensions, threat intelligence reliability calculation, and threat impact evaluation in actual application scenarios, strengthening the in-depth application of threat intelligence.
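The four steps S1 to S4 from the abstract, sketched as an added example that is not taken from the patent. The source names, their reply fields, the dimension list, the 0.5 completeness threshold and the sample records are all assumptions constructed for illustration, and the sources are offline stubs.

```python
from concurrent.futures import ThreadPoolExecutor

DIMENSIONS = ("geo", "registrar", "passive_dns", "malware_family")
# Constructed sample database. Assumed layout: dimension -> value -> [sources].
INTEL_DB = [
    {"type": "ip", "value": "203.0.113.7", "dims": {"geo": {"ZZ": ["local"]}}},
    {"type": "domain", "value": "bad.example", "dims": {}},
    {"type": "hash", "value": "0" * 64, "dims": {d: {"known": ["local"]} for d in DIMENSIONS}},
]

def src_down(ioc):  # hypothetical source that is unreachable
    raise TimeoutError("source unreachable")
# Hypothetical offline sources, each answering in its own schema.
SOURCES = {
    "whois": lambda i: {"registrar_name": "Example Registrar"} if i["type"] == "domain" else {},
    "pdns": lambda i: {"rrset": ["bad.example"]} if i["type"] == "ip" else {},
    "sandbox": lambda i: {"family": "constructed-family"},
    "down": src_down,
}
FIELD_MAP = {("whois", "registrar_name"): "registrar", ("pdns", "rrset"): "passive_dns",
             ("sandbox", "family"): "malware_family"}

def s1_select(db, threshold=0.5):
    """S1: keep IOCs whose share of populated dimensions is below threshold."""
    return [i for i in db
            if sum(bool(i["dims"].get(d)) for d in DIMENSIONS) / len(DIMENSIONS) < threshold]

def ask(ioc, name):
    try:
        return name, SOURCES[name](ioc)
    except Exception:  # one dead source must not abort the broadcast
        return name, {}

def s2_broadcast(ioc):
    """S2: send the IOC to every source in parallel."""
    with ThreadPoolExecutor(max_workers=len(SOURCES)) as pool:
        return dict(pool.map(lambda n: ask(ioc, n), SOURCES))

def s3_map(replies):
    """S3: map (source, field) to a dimension via FIELD_MAP; unknown fields are dropped."""
    return [(FIELD_MAP[(src, f)], v, src)
            for src, reply in replies.items() for f, val in reply.items()
            if (src, f) in FIELD_MAP
            for v in (val if isinstance(val, list) else [val])]

def s4_aggregate(ioc, triples):
    """S4: merge triples into the IOC record, keeping provenance per value."""
    for dim, val, src in triples:
        ioc["dims"].setdefault(dim, {}).setdefault(val, []).append(src)
    return ioc

def enrich(db):
    return [s4_aggregate(i, s3_map(s2_broadcast(i))) for i in s1_select(db)]
```

Keeping the reporting source next to each value is what makes a later reliability calculation possible, since agreement between independent sources can be counted per dimension.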

Description

Technical field

[0001] The invention relates to an information collection method, in particular to a method for actively collecting and aggregating data based on multi-source intelligence.

Background technique

[0002] Threat intelligence has been used in security detection, security defense, and traceability scenarios, where its rapid and comprehensive early-warning capability effectively prevents intrusions by unknown threats. However, in actual use, after machine-readable IOCs such as threat IPs and threat domain names are detected and generate threat alerts, it is difficult to evaluate the real impact of the IOC in the network environment because background knowledge and intelligence dimensions are insufficient, and it is difficult to provide the next step of decision-making.

[0003] The existing intelligence data aggregation technology solution is a passive data aggregation technology, that is, to map...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1441, H04L63/1433, H04L61/4511
Inventor: 金丽慧, 范渊, 杨勃
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD