摘要
网络攻击事件给网络安全管理带来了极大的挑战.将知识图谱与网络安全领域相结合,构建安全知识图谱,整合大量的安全数据并挖掘其中潜在的威胁,对于网络攻击的辅助防护具有重要意义.针对网络安全数据海量化、分散化、关系隐蔽化等问题,提出了安全知识图谱的技术架构,从分析威胁数据特点、构建本体模型、实体和关系抽取、图谱构建等方面描述和揭示了网络节点中的实体及其关系,并阐述了基于安全知识图谱的网络节点威胁感知技术框架,对知识图结构和节点属性分别进行编码和解码,以获得更加丰富的语义信息.在此基础上,探究具有威胁识别、态势理解和辅助决策能力的网络节点威胁感知技术应用架构方法,从而实现对网络安全威胁的高效处理.
Cyber-attacks pose significant challenges to cyber security management.Combining knowledge graph with the field of cyber security,building a security knowledge graph,integrating a large amount of security data,and mining potential threats in it are all critical steps for the protection against cyber-attacks.This research proposed the technical architecture of security knowledge graph,described and revealed the entities and their relationships in cyber nodes from analyzing the characteristics of threat data,building ontology model,entity and relationship extraction,and graph construction,and elaborated the technical framework of threat perception of cyber nodes in order to address the problems of sea quantization,decentralization,and hidden relationships of cyber security data.Based on this,the architectural approach of cyber node threat perception technology application with threat identification,situational understanding,and assisted decision-making capabilities was investigated in order to achieve efficient cyber security threat processing.
作者
罗胜尹
杨丽蕴
惠孛
张世霖
蒋沥泉
LUO Shengyin;YANG Liyun;HUI Bei;ZHANG Shilin;JIANG Liquan(University of Electronic Science and Technology of China,Chengdu 610054,China;China Electronics Standardization Institute,Beijing 100007,China)
关键词
知识图谱
网络安全
威胁感知
knowledge graph
cyber security
threat perception
