Authors: WU Pei-Ying; WANG Jun-Feng[1,2]; CUI Ze-Yuan; FAN Xiao-Yu; GE Wen-Han; LIN Tong-Can; YU Jian; TANG Bin-Hui
Affiliations: [1] College of Computer Science, Sichuan University, Chengdu 610065, China [2] National Defense Key Laboratory of Visual Synthesis Graphics and Images, Sichuan University, Chengdu 610065, China [3] School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China
Source: Journal of Sichuan University (Natural Science Edition), 2023, No. 5, pp. 1-18 (18 pages)
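Funding: National Key Research and Development Program of China (2022YFB3305200); National Natural Science Foundation of China (U2133208); Sichuan Youth Science and Technology Innovation Research Team (2022JDTD0014).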
Abstract: Cyber threat intelligence is a collection of threat behavior knowledge obtained by collecting, processing, and analyzing the motives and behaviors of cyber attackers. Threat intelligence text contains rich information on attack behavior characteristics, malware descriptions, and the impact on systems, which can help model and analyze attack behavior. Processing and analyzing cyber threat intelligence can help organizations better understand threats, make faster and more effective security decisions, and shift from reactive to proactive in responding to and defending against cyber threats. However, because of the complex semantic information and behavioral logic relationships in intelligence texts, identifying and extracting valuable key information and actionable recommendations from them has always been a great challenge. With the rapid development of artificial intelligence, research on the automatic extraction of key information from cyber threat intelligence has made some progress. However, a systematic analysis and collation of the processing methods for specific analysis content is still lacking. This paper first introduces the basic concepts of cyber threat intelligence, then elaborates on the key information that threat intelligence can provide and its value, and then reviews and summarizes research on cyber threat intelligence processing in recent years. Finally, it summarizes the challenges facing the field of cyber threat intelligence processing and looks ahead to future research directions.
Keywords: cyber threat intelligence; attack behavior characteristics; deep learning; automated extraction
Classification number: TN915.08 [Electronics and Telecommunications - Communication and Information Systems]