基于区块链的威胁情报共享及评级技术研究  被引量：4

作　　者：程叶霞 付俊[3] 陈东[4] 杜跃进 CHENG Yexia;FU Jun;CHEN Dong;DU Yuejin(School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049;Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093;Department of Security Technology,China Mobile Research Institute,Beijing 100053;Department of Network,China MobileCommunications Group,Beijing 100033;360 Group,Beijing,100015)

机构地区：[1]中国科学院大学网络空间安全学院,北京100049 [2]中国科学院信息工程研究所,北京100093 [3]中国移动通信研究院安全技术研究所,北京100053 [4]中国移动通信集团网络事业部,北京100033 [5]360集团,北京100015

出　　处：《信息通信技术与政策》2020年第2期19-24,共6页Information and Communications Technology and Policy

基　　金：国家自然科学基金项目(No.61702508,No.61572481,No.61602470)资助。

摘　　要：随着计算机和网络技术的快速发展,网络安全事件频发,安全漏洞不断,威胁情报的作用和价值越来越大。基于区块链的开放、共识、自治和去中心、去信任、不可篡改、可追溯等特点,提出了通过区块链技术构建威胁情报信息的区块,包括IP地址信息、域名信息、URL信息、安全事件信息、漏洞信息、威胁情报源可信度、威胁情报源贡献率等;并设计了基于区块链的威胁情报共享和评级系统,给出了相应的基于区块链的威胁情报共享方法和评级方法,可以实现及时有效获取及分析出最新、最有价值的威胁情报信息,从而及时进行防护及应急响应,促进整个威胁情报生态的闭环持续有效开展。With the rapid development of computer and network technology,cyber security incidents occur frequently and security vulnerabilities are emerging endlessly,so the role and value of threat intelligence are increasing.Based on the characteristics of blockchain such as openness,consensus,autonomy and decentralization,trustlessness,nontampering,and traceability,the paper proposes using blockchain technology to build blocks of threat intelligence information,including IP address information,domain name information,URLs Information,security incident information,vulnerability information,threat intelligence source credibility,threat intelligence source contribution rate,etc.A threat intelligence sharing and rating system based on blockchain is designed in the paper,and the corresponding threat intelligence sharing method and rating method based on blockchain are given.It can acquire and analyze the latest and most valuable threat intelligence information timely and effectively,so as to perform protection and emergency response timely,and promote the continuous and effective development of the closed loop of the entire threat intelligence ecosystem.

关 键 词：威胁情报 区块链 共享 评级 

分 类 号：D035[政治法律—政治学] TP311.13[自动化与计算机技术—计算机软件与理论] TP393.08[自动化与计算机技术—计算机科学与技术]