基于区块链的网络安全威胁情报共享模型  被引量：46

作　　者：黄克振 连一峰[1] 冯登国[1] 张海霞[1] 刘玉岭[1,2] 马向亮 Huang Kezhen;Lian Yifeng;Feng Dengguo;Zhang Haixia;Liu Yuling;Ma Xiangliang(Trusted Computing and Information Assurance Laboratory,Institute of Software,Chinese Academy of Sciences,Beijing 100190;University of Chinese Academy of Sciences,Beijing 100049)

机构地区：[1]中国科学院软件研究所可信计算与信息保障实验室,北京100190 [2]中国科学院大学,北京100049

出　　处：《计算机研究与发展》2020年第4期836-846,共11页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(U1836211);公安部技术研究计划项目(2018JSYJA08)。

摘　　要：在不断加剧的网络安全攻防对抗过程中,攻防双方存在着天然的不对称性,网络安全威胁情报共享利用是一种有效提高防护方响应能力和效果的手段.然而威胁情报共享利用中的隐私保护需求与构建完整攻击链的需求之间存在矛盾.针对上述矛盾点,提出一种基于区块链的网络安全威胁情报共享模型,利用了区块链技术的账户匿名性和不可篡改性,使用单向加密函数保护情报中的隐私信息,基于加密后的情报构建完整攻击链,借助区块链的回溯能力完成攻击链中攻击源的解密.最后,通过实验验证了该模型的可行性和有效性.In the process of increasing cyber security attack and defense confrontation,there is a natural asymmetry between the offensive and defensive sides.The CTI(cyber security threat intelligence)sharing is an effective method to improve the responsiveness and effectiveness of the protection party.However,there is a contradiction between the privacy protection requirements of CTI sharing and the need to build a complete attack chain.Aiming at the above contradiction,this paper proposes a blockchain-based CTI sharing model,which uses the account anonymity of the blockchain technology to protect the privacy of CTI sharing party,and at the same time utilizes the tamper-free and accounting of the blockchain technology to prevent the“free-riding”behavior in CTI sharing and guarantee the benefit of CTI sharing party.The one-way encryption function is used to protect the private information in CTI,then the model uses the encrypted CTI to build a complete attack chain,and uses the traceability of the blockchain technology to complete the decryption of the attack source in the attack chain.The smart contract mechanism of the blockchain technology is used to implement an automated early warning and response against cyber security threats.Finally,the feasibility and effectiveness of the proposed model are verified by simulation experiments.

关 键 词：网络安全 网络安全威胁情报 攻击链 隐私保护 区块链 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]