检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:杨泽明[1] 李强[1] 刘俊荣[1] 刘宝旭[1]
出 处:《信息安全研究》2015年第1期31-36,共6页Journal of Information Security Research
摘 要:网络空间安全形势日益复杂,攻击溯源成为安全防护体系面临的重要技术挑战,威胁情报的出现为攻击溯源提供了多来源数据支撑,从而使得大范围的攻击溯源成为可能.为实现有效的攻击溯源,基于结构化威胁信息表达方法,提出了一种精简模式的威胁情报共享利用框架,包含威胁情报表示、交换和利用3个方面,以实现对攻击行为的追踪溯源。以有关C2信息为例描述了威胁情报的共享利用表达方式,对该共享利用框架进行了验证,表明相关结果具有实用性,可以为攻击溯源工作提供新的技术手段。另外,还基于对威胁情报的理解,提出了共享利用机制建设的若干思考.Abstract With the increasingly complexity of cyberspace security, the attack attribution has become an important challenge for the security protection system. The emergence of threat intelligence provided plentiful data source support for the attack attribution, which makes large-scale attack attribution became possible. To realize effective attack attribution 9 based on the structure expression of the threat information, a light weight framework of threat intelligence sharing and utilization was proposed. It included threat intelligence expression, exchange and utilization? which can achieve the attack attribution result. Take the case of C2 relevant information, we described the expression of threat intelligence sharing and utilization,and verified the framework. Results show that the framework is practical and can provide new technical means for attack attribution. In addition, based on the understanding of threat intelligence, several thinking about the construction of sharing and utilization mechanisms were promoted in the end.
关 键 词:攻击溯源 威胁情报 结构化威胁信息表达 恶意代码 网络空间安全
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.16.81.94