Abstract
Faced with an increasingly severe security situation, security experts need to change the traditional approach to security defense: by tracking and analyzing the characteristics, methods and patterns of cyber security threats, they can proactively identify new cyber threats in time and protect against them effectively. In making this shift, the role of cyber threat intelligence (CTI) cannot be ignored. As with warfare in physical space, confrontation in cyberspace also depends heavily on CTI. CTI is evidence-based knowledge, including context, mechanisms, indicators of compromise (IOC) and actionable advice. Centered on the basic characteristics of CTI and the challenges it faces, the paper introduces the role and workflow of CTI from the perspective of network defense, designs an architecture diagram for Threat Intelligence as a Service (TIaaS) as an innovative technical and engineering framework for supporting applied research on threat intelligence, and discusses the application scenarios and research hotspots of CTI.
Source
《通信技术》
2016, Issue 6, pp. 758-763 (6 pages)
Communications Technology
Keywords
Cyber Threat Intelligence
Cyberspace Security
Indicator of Compromise
Threat Intelligence as a Service