Network threat collaborative defense system and method based on information sharing

Abstract

The invention belongs to the technical field of network security, and particularly relates to a network threat cooperative defense system and method based on information sharing. The method comprisesthe steps: deploying a central server and a plurality of safety mechanisms which train an intrusion detection model based on respective local threat information databases; after the model updating parameters are encrypted, uploading the ciphertext to a central server; and employing the central server for aggregating the received ciphertext to obtain global model updating parameters through decryption and broadcasting the global model updating parameters to all security mechanisms so as to update the local intrusion detection model of each security mechanism. Based on the federated learning framework, multiple security mechanisms can be helped to jointly establish a system defense model, the method can be suitable for multiple machine learning models, multiple collusion attack scenes can beresisted, the applicability is high, and the anti-attack performance of the network is improved.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a network threat cooperative defense system and method based on intelligence sharing. Background technique [0002] Various attacks in the current network emerge in an endless stream, posing a major threat to important infrastructure in the network. With the development of machine learning, researchers began to realize that there is a large amount of data containing intrusion or attack information in the network infrastructure. Using these data to train the network active defense system based on machine learning can effectively detect possible abnormal behaviors . However, due to the ever-increasing cybercrime rate and increasingly complex cyber threat scenarios, it is difficult for organizations to build a sufficiently accurate intrusion detection model to defend against cyber attacks based on their own data alone. More and more organizations and enterpris...

AI Technical Summary

Problems solved by technology

However, at this stage, the sharing of network threat intelligence still faces the following challenges: (1) security agencies do not trust each other and are unwilling to share data; (2) due to privacy protection or commercial competition considerations, some agencies are unwilling to share the network with others Threat intelligence; (3) Threat intelligence may expose the information of the organization and affect the reputation of the organization

[0003] At present, relevant research has proposed a privacy protection framework for cyber threat intelligence sharing, using group signatures to hide the identity of each organization, but this scheme cannot protect the data of the organization; there are also models of privacy issues in cyber threat intelligence sharing as participants and A game between attackers, but it can only reason about a sharing strategy, but it cannot provide a practical solution to protect shared network threat intelligence; or raise many alarms by discussing alarm correlation in a cooperative intrusion detection system associated application methods, but does not consider privacy concerns in threat intelligence sharing

Images