
Threat intelligence identification method and device, electronic equipment and storage medium

The identification method, applied in the field of network security, addresses problems such as low utilization efficiency, low intelligence identification efficiency, and difficulty in finding threats, thereby avoiding losses and improving utilization efficiency and identification efficiency.

Active Publication Date: 2022-02-01
北京微步在线科技有限公司

AI Technical Summary

Problems solved by technology

[0003] However, existing intelligence is acquired mainly through intelligence exchange and sharing, and current exchange and sharing takes place outside the security system, through manual channels such as email, instant messaging tools, and verbal notification. The intelligence must then be sorted manually before use, or analyzed manually by creating analysis rules in a log analysis platform. As a result, it is difficult to detect threats promptly and impossible to obtain effective intelligence promptly, which leads to low intelligence identification efficiency and low utilization efficiency.

Examples


Embodiment 1

[0056] Figure 1 is a schematic flowchart of a method for identifying threat intelligence provided by an embodiment of the present application. As shown in Figure 1, the method includes:

[0057] S1, obtaining threat intelligence information in a threat intelligence database;

[0058] S2, performing feature extraction on threat intelligence information to obtain threat intelligence features;

[0059] S3, integrating threat intelligence features to obtain threat intelligence files;

[0060] S4, obtaining network traffic;

[0061] S5, performing feature matching on threat intelligence files and network traffic to obtain network traffic threat intelligence;

[0062] S6, generating a log of the address corresponding to the network traffic threat intelligence.

[0063] In the above implementation process, through the method of identifying and marking threat intelligence information, the utilization efficiency and identification efficiency of threat intelligence are improved, t...
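
Steps S1 to S6 as a runnable Python pipeline. This is an added example, not code from the patent or its applicant; the indicator types (IPv4/CIDR and domain names), the record and flow field names, and the choice to log the querying host on a domain hit are assumptions, and all sample data is constructed.

```python
import ipaddress
import re

INTEL_DB = [  # S1: constructed sample records (documentation IPs, .example domains)
    {"id": "ti-001", "text": "C2 beacon at 203.0.113.7 and update.bad.example"},
    {"id": "ti-002", "text": "Phishing page hosted on LOGIN.Bad.Example."},
    {"id": "ti-003", "text": "Scanner source range 198.51.100.0/24"},
]
FLOWS = [  # S4: constructed network traffic, reduced to flow and DNS metadata
    {"src": "10.0.0.5", "dst": "203.0.113.7", "query": None},
    {"src": "10.0.0.9", "dst": "192.0.2.53", "query": "login.bad.example"},
    {"src": "198.51.100.23", "dst": "10.0.0.5", "query": None},
    {"src": "10.0.0.7", "dst": "192.0.2.80", "query": "www.example.org"},
]
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def extract_features(record):
    """S2: pull IP/CIDR and domain indicators out of one record (assumed types)."""
    nets = set()
    for tok in IP_RE.findall(record["text"]):
        try:
            nets.add(str(ipaddress.ip_network(tok, strict=False)))
        except ValueError:
            pass  # looked like an IP but is not one, e.g. 999.1.1.1
    domains = {d.lower() for d in DOMAIN_RE.findall(record["text"])}
    return nets, domains

def build_intel_file(db):
    """S3: merge all features into one de-duplicated lookup structure."""
    intel = {"networks": {}, "domains": {}}
    for rec in db:
        for kind, values in zip(("networks", "domains"), extract_features(rec)):
            for v in values:
                intel[kind].setdefault(v, []).append(rec["id"])
    return intel

def match_flows(intel, flows):
    """S5 + S6: match traffic against the file, emit one log entry per hit."""
    nets = [(ipaddress.ip_network(n), ids) for n, ids in intel["networks"].items()]
    log = []
    for f in flows:
        for field in ("src", "dst"):
            addr = ipaddress.ip_address(f[field])
            log += [{"address": f[field], "indicator": str(n), "intel": i}
                    for n, i in nets if addr in n]
        q = (f["query"] or "").lower().rstrip(".")  # normalise FQDN form
        if q in intel["domains"]:  # assumption: log the host that made the query
            log.append({"address": f["src"], "indicator": q, "intel": intel["domains"][q]})
    return log
```

Each log entry keeps the identifiers of the intelligence records that produced the indicator, so a hit can be traced back to its source record.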

Embodiment 2

[0097] In order to implement the method corresponding to Embodiment 1 above and achieve the corresponding functions and technical effects, a threat intelligence identification device is provided below. As shown in Figure 2, the device includes:

[0098] The obtaining module 1 is used to obtain threat intelligence information of the threat intelligence database; it is also used to obtain network traffic;

[0099] The feature extraction module 2 is used for feature extraction of threat intelligence information to obtain threat intelligence features;

[0100] An integration module 3 is used to integrate threat intelligence features and obtain threat intelligence files;

[0101] The matching module 4 is used to perform feature matching on threat intelligence files and network traffic to obtain network traffic threat intelligence;

[0102] The generating module 5 is configured to generate a log of addresses corresponding to network traffic threat intelligence.

[0103] In the a...

Embodiment 3

[0115] An embodiment of the present application provides an electronic device, including a memory and a processor, the memory is used to store a computer program, and the processor runs the computer program to enable the electronic device to execute the method for identifying threat information in Embodiment 1.

[0116] Optionally, the above-mentioned electronic device may be a server.

[0117] See Figure 3, which is a schematic diagram of the structure and composition of the electronic device provided in the embodiment of the present application. The electronic device may include a processor 31, a communication interface 32, a memory 33 and at least one communication bus 34. The communication bus 34 is used to realize direct connection and communication among these components. The communication interface 32 of the device in the embodiment of the present application is used for signaling or data communication with other node devices. The proces...


Abstract

The embodiment of the invention provides a threat intelligence identification method and device, electronic equipment and a storage medium, and the method comprises the steps: obtaining threat intelligence information of a threat intelligence database; performing feature extraction on the threat intelligence information to obtain threat intelligence features; integrating the threat intelligence characteristics to obtain a threat intelligence file; acquiring network traffic; performing feature matching on the threat intelligence file and the network traffic to obtain network traffic threat intelligence; and generating a log of the address corresponding to the network traffic threat intelligence. By implementing the embodiment of the invention, the network threat can be found in time through the threat intelligence, and the recognition efficiency and the utilization efficiency of the threat intelligence are improved.

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular, to a threat intelligence identification method, device, electronic equipment, and computer-readable storage medium.

Background

[0002] Since the threat intelligence information of the attacker during the exercise is kept strictly confidential throughout the entire exercise, the defender usually obtains threat intelligence in two ways.

[0003] However, existing intelligence is acquired mainly through intelligence exchange and sharing, and current exchange and sharing takes place outside the security system, through manual channels such as email, instant messaging tools, and verbal notification. The intelligence must then be sorted manually before use, or analyzed manually by creating analysis rules in a log analysis platform. As a result, it is difficult to detect threats promptly, and it is impossible to obtain effective intelligence in...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L9/40
CPC: H04L63/1416
Inventor: 熊天翼, 赵林林, 薛锋
Owner: 北京微步在线科技有限公司