摘要
威胁情报是针对现存的或潜在的威胁或危害资产行为,基于情景、应对建议等一些循证知识为解决威胁或危害提供决策依据的知识.基于威胁情报进行网络安全防御可及时分析所面临的威胁态势,从而辅助决策,极大地增强防御能力.总结了威胁情报领域涉及的相关标准,并对其进行了简要概述,包括美国MITRE公司提出的一系列标准、一些其他机构提出的主流标准,以及我国于2018年10月刚刚发布的威胁情报的国家标准.其中,某些标准侧重于情报的特征描述,某些标准侧重于情报的传输格式.这些标准的使用可规范威胁情报的表达和交换,有助于提高共享数据的有效性和共享的效率,更好地防范网络攻击.
Cyber threat intelligence(CTI)refers to the knowledge that provide decision-making basis for solving threats or hazards based on some evidence-based knowledge such as scenarios,response suggestions and so on,aiming at existing or potential threats or endangering assets.The cyber-security defense based on CTI can analyze the threat situation in time, assist decision-making and greatly enhance the defense capability.This paper summarizes the relevant standards in the field of CTI and gives a brief overview of them,including a series of standards proposed by MITRE of the United Statest some mainstream standards proposed by other agencies,and the national standard of CTI released in October, 2018 in China.Among them, some standards focus on the feature description of intelligence while others focus on the transmission format of intelligence.The use of these standards can standardize the expression and exchange of CTI,helping to improve the validity of sharing data and efficiency of data sharing,thus we can prevent network attacks better.
作者
石志鑫
马瑜汝
张悦
王翔宇
Shi Zhixin;Ma Yuru;Zhang Yue;Wang Xiangyu(Fourth Laboratory,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093;School of Cyberspace Security,University of Chinese Academy of Sciences,Beijing 100049)
出处
《信息安全研究》
2019年第7期560-569,共10页
Journal of Information Security Research
关键词
网络安全
威胁情报
情报共享
情报交换标准
情报描述
情报传输
cyber-security
threat intelligence
intelligence sharing
standard for intelligence exchange
intelligence description
intelligence transmission
