大数据环境下的威胁情报分析

Analysis on Threat Intelligence in Big Data Environment

[目的/意义]对威胁情报概念和相关热点问题进行论述,为情报研究引入新的内容和方法。[方法/过程]通过文献调研、内容分析等方法,在对威胁情报研究现状、基本内涵进行分析的基础上,对国内外威胁情报的热点问题及未来研究重点进行了详细论述。[结果/结论](1)威胁情报对促进信息安全管理范式的转型、推动国家信息安全协同治理、推进信息安全全球治理体制的变革有重要意义;(2)威胁情报分析的流程主要包括:需求定义与计划制定、来源选择与信息采集、信息融合与数据清洗、机器学习与智能分析、人工分析与情报提炼、情报展示与成果传递六个环节;(3)威胁情报在维护国家信息主权、重要基础设施信息安全管理、公共安全管理等方面正发挥着重要的作用;(4)威胁情报共享的制度保障、威胁情报的深度分析、威胁情报的隐私保护将成为未来的研究热点。

[ Purpose/Significance] This paper primarily discusses the hot issues of threat intelligence, and introduces new contents and methods for intelligence research. [ Method/Process] Through literature research, content analysis, the paper analyzes the present situation and connotation threat intelligence research, and explains the hot issues and future research focus of the research. [ Result/Conclusion] The conclusions are： Threat intelligence has a great significance for promoting the paradigm transformation of information security manage- ment, the coordinated management of national information security, and the reform of the global governance structure of information secur- ity. The threat intelligence analysis process mainly includes： requirements definition and planning, source selection and information collec- tion, information fusion and data cleaning, machine learning and artificial intelligence, intelligent analysis, artificial analysis and informa- tion refining, and information display and delivery. Threat intelligence plays an important role in the fields of national information sover- eignty maintenance, important infrastructure information security management, and public safety management. The guarantee system of threat intelligence sharing, in-depth analysis of threat intelligence and privacy protection of threat intelligence will become the focuses of future research.