Network security knowledge graph generation method based on threat intelligence

A network security knowledge graph technology, applied in the field of industrial control network security, that addresses the problems of low-quality network security knowledge graphs, high data quality requirements, and wrong predictions of network attack behavior, with the effect of reducing the false positive rate, improving overall data quality, and improving accuracy and efficiency.

Pending Publication Date: 2021-08-20
STATE GRID LIAONING ELECTRIC POWER RES INST +1

AI Technical Summary

Problems solved by technology

[0006] 1. Low data quality, a high false positive rate, and missing or wrong entity attributes are common problems in open source threat intelligence on the Internet. Low-quality threat intelligence data inevitably lowers the quality of the generated network security knowledge graph, so that it cannot correctly perceive the network security situation and makes wrong predictions about current network attack behavior. Current data quality improvement algorithms rely mainly on truth discovery algorithms, which are mostly used for single-truth discovery problems and cannot adapt to the situation where entities in network security threat intelligence data have multiple truth values and the data has strong temporal characteristics. Traditional truth discovery algorithms assume that the truth does not change with time; this weak sensitivity to time changes inevitably leaves existing truth discovery algorithms unable to adapt to quality improvement of network security threat intelligence data.

[0007] 2. Existing entity recognition and entity relationship extraction methods are mainly based on traditional rule-based recognition, machine learning and the recently popular deep learning methods, which require a large number of labeled text samples and high data quality. Although these methods have been widely used in other fields such as natural language processing, the field of network security lacks large-scale, high-quality labeled security entity data, multiple entity types are mixed in the data, and entity category labels differ across the full text of the data, making it difficult to apply these methods to entity recognition and entity relationship extraction in the field of network security.

[0008] At present, there are no effective network security entity recognition and entity relationship extraction methods in the field of network security.

Examples


Embodiment 1

[0101] The present invention is a method for generating a network security knowledge graph based on threat intelligence. Figure 1 is a process diagram of the threat intelligence-based network security knowledge graph generation method of the present invention. The generation process includes the following steps: high-efficiency distributed threat intelligence data collection, network security data set production, network security threat intelligence data quality improvement, network security entity identification, network security entity relationship extraction, and data organization. The steps are described in detail below:

[0102] Step 1. Efficient distributed threat intelligence data collection.

[0103] Generating a network security knowledge graph requires a large amount of network security threat intelligence data. In order to collect open source threat intelligence data on the...

Embodiment 2

[0178] This embodiment provides a method for generating a network security knowledge graph based on threat intelligence, and tests the distributed threat intelligence crawling system.

[0179] The present invention compares the developed distributed threat intelligence crawling system with a stand-alone threat intelligence collection system, and verifies that the distributed system has higher efficiency than the stand-alone system. Taking common open source threat intelligence sources as an example, the distributed crawler system has 1 master node and 2 slave nodes. After 5 days of continuous operation, the database has stored a total of more than 110,000 web page data. The number of pages crawled at each time point is shown in Figure 7, which is the data collection time chart of the distributed crawler system developed in the present invention for threat intelligence data collection. ...

Embodiment 3

[0182] This embodiment provides a method for generating a network security knowledge graph based on threat intelligence, and compares the effects of algorithms for improving the quality of threat intelligence data.

[0183] The present invention compares the algorithm it proposes with other truth discovery algorithms in improving the quality of entity attributes in threat intelligence data. The evaluation metrics are precision, recall and F1 value, which are commonly used for truth discovery models. The truth discovery algorithms used for comparison are 3-Estimates, Voting, and LTM. The comparative effect is shown in Table 1. It can be seen that the quality improvement algorithm proposed in the present invention is better than the existing algorithms in improving the quality of threat intelligence data.

[0184] Table 1 is a table of comparison results of different data quality improvement algorithms in the...
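The following added example (not code from the patent, and not the algorithm it claims) illustrates the limitation described in [0006] using the Voting baseline and the precision, recall and F1 metrics named in [0183]. The feed names, domains, half-life and keep ratio are constructed assumptions, and the time-decayed multi-truth vote is a simple stand-in heuristic.

```python
from collections import defaultdict

# Constructed claims (source, entity, attribute value, day observed); not real intelligence.
CLAIMS = [
    ("feedA", "malware-x", "c2-old.example", 1),
    ("feedB", "malware-x", "c2-old.example", 2),
    ("feedC", "malware-x", "c2-old.example", 3),
    ("feedA", "malware-x", "c2-new1.example", 28),
    ("feedB", "malware-x", "c2-new1.example", 29),
    ("feedB", "malware-x", "c2-new2.example", 29),
    ("feedC", "malware-x", "c2-new2.example", 30),
    ("feedD", "malware-x", "typo.example", 30),
]
# Constructed ground truth on day 30: two C2 domains are valid at once.
TRUTH = {"malware-x": {"c2-new1.example", "c2-new2.example"}}

def single_truth_voting(claims):
    """Voting baseline: one winner per entity, claim age ignored."""
    votes = defaultdict(lambda: defaultdict(int))
    for _src, entity, value, _day in claims:
        votes[entity][value] += 1
    return {e: {max(v, key=v.get)} for e, v in votes.items()}

def multi_truth_decayed(claims, now, half_life=7.0, keep_ratio=0.6):
    """Assumed heuristic: votes halve every half_life days; keep every value
    scoring at least keep_ratio of the entity's best-scoring value."""
    score = defaultdict(lambda: defaultdict(float))
    for _src, entity, value, day in claims:
        score[entity][value] += 0.5 ** ((now - day) / half_life)
    return {e: {v for v, s in sc.items() if s >= keep_ratio * max(sc.values())}
            for e, sc in score.items()}

def precision_recall_f1(pred, truth):
    """Micro-averaged over (entity, value) pairs."""
    tp = sum(len(pred.get(e, set()) & t) for e, t in truth.items())
    n_pred = sum(len(pred.get(e, set())) for e in truth)
    n_true = sum(len(t) for t in truth.values())
    p = tp / n_pred if n_pred else 0.0
    r = tp / n_true if n_true else 0.0
    return p, r, (2 * p * r / (p + r) if p + r else 0.0)

if __name__ == "__main__":
    for name, pred in [("voting", single_truth_voting(CLAIMS)),
                       ("multi-truth, time-decayed", multi_truth_decayed(CLAIMS, now=30))]:
        print(name, sorted(pred["malware-x"]), precision_recall_f1(pred, TRUTH))
```

On this constructed data the single-truth vote returns only the stale value, while the time-aware multi-truth vote recovers both current values and drops the single-source outlier.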


Abstract

The invention belongs to the technical field of industrial control network security, and particularly relates to a network security knowledge graph generation method based on threat intelligence. The method comprises the steps of: high-efficiency distributed threat intelligence data collection; producing a network security threat intelligence data set through a distributed threat intelligence crawling system; improving the quality of the network security threat intelligence data; performing network security entity identification on the produced data set; extracting network security entity relationships; and organizing the data. A large number of experiments verify that the threat intelligence data quality improvement algorithm, entity recognition and entity relation extraction in network security threat intelligence text, and the quality of the generated knowledge graph are all remarkably improved; the invention also has good local network weakness visualization capability and attack pre-judgment analysis capability.

Description

Technical field

[0001] The invention belongs to the technical field of industrial control network security, and in particular relates to a method for generating a network security knowledge graph based on threat intelligence.

Background technique

[0002] With the rapid development of network technology, all walks of life have introduced a large number of network technologies to improve productivity, followed by network security issues. As the network security situation becomes increasingly complex, threat intelligence-driven network security dynamic defense has become the focus of the industry. Threat intelligence has the characteristics of rich data content, high accuracy, and strong real-time performance, and can often reflect the attack chain of the entire attack event, so it has extremely high application and analysis value.

[0003] As a comprehensive data integration and organization method, knowledge graph can effectively extract attack information from massive thre...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F16/36, G06F16/28
CPC: G06F16/367, G06F16/288
Inventor: 李桐刘一涛刘刚王刚赵桐周小明宋进良姚羽刘扬王磊李广翱陈得丰刘莹杨智斌耿洪碧杨巍任帅陈剑李欢张彬王琛佟昊松孙茜孙赫阳何立帅赵玲玲李菁菁姜力行杨滢璇范维杨璐羽刘芮彤
Owner: STATE GRID LIAONING ELECTRIC POWER RES INST