一种基于图注意力机制的威胁情报归因方法  

Threat intelligence attribution method based on graph attention mechanism

在线阅读下载全文

作  者:王婷 严寒冰[2] 郎波[1] WANG Ting;YAN Hanbing;LANG Bo(School of Computer Science and Engineering,Beihang University,Beijing 100191,China;National Computer Network Emergency Response Technical Team/Coordination Center of China,Beijing 100029,China)

机构地区:[1]北京航空航天大学计算机学院,北京100191 [2]国家计算机网络应急技术处理协调中心,北京100029

出  处:《北京航空航天大学学报》2024年第7期2293-2303,共11页Journal of Beijing University of Aeronautics and Astronautics

基  金:国家重点研发计划(2019QY1400)。

摘  要:威胁情报关联分析已成为网络攻击溯源的有效方式。从公开威胁情报源爬取了不同高级持续性威胁(APT)组织的威胁情报分析报告,并提出一种基于图注意力机制的威胁情报报告归类的方法,目的是检测新产生的威胁情报分析报告类别是否为已知的攻击组织,从而有助于进一步的专家分析。通过设计威胁情报知识图谱,提取战术和技术情报,对恶意样本、IP和域名进行属性挖掘,构建复杂网络,使用图注意力神经网络进行威胁情报报告节点分类。评估表明:所提方法在考虑类别分布不均衡的情况下,可以达到78%的准确率,达到对威胁情报报告所属组织进行有效判定的目的。Threat intelligence correlation analysis has become an effective way to trace the source of cyber attacks.The threat intelligence analysis reports of different advanced persistent threat(APT) organizations were crawled from the public threat intelligence sources,and a threat intelligence report classification method based on graph attention mechanism was proposed,which was to detect whether the newly generated threat intelligence analysis report categories were known attack organizations,so as to facilitate further expert analysis.By designing a threat intelligence knowledge graph,extracting tactical and technical intelligence,mining the attributes of malicious samples,IPs and domain names,constructing a complex network,and using the graph attention neural network to classify the threat intelligence reporting nodes.Evaluation indicates that the method can achieve an accuracy rate of78% while considering the uneven distribution of categories,which can effectively achieve the purpose of judging the organization to which the threat intelligence report belongs.

关 键 词:威胁情报 高级持续性威胁组织 知识图谱 图注意力机制 攻击溯源 

分 类 号:TP391[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象