
A Framework for Proactive Acquisition of Threat Intelligence Based on Darknet

Cited by: 7
Abstract: Information on the darknet tends to be more timely than on the surface web, often appearing there earlier, and can be used for threat intelligence acquisition and research. To address the problem that security researchers cannot quickly obtain highly timely threat intelligence from massive volumes of darknet data, a framework for proactive acquisition of threat intelligence based on the darknet is proposed. The framework includes three modules: darknet data acquisition, data filtering, and threat intelligence acquisition. For three types of darknet information, "malware", "hacking tools" and "data leakage", the framework proposes and uses the information amount calculation method I@n (information at n), which uses the difference between the times at which information appears on the darknet and on the surface web to calculate the amount of information that darknet content has on the surface web. Highly timely threat intelligence on the darknet is then proactively acquired through the relationship between the amount of information on the surface web and the timeliness of the information. Experiments show that the framework can acquire threat intelligence from the darknet, helping security analysts respond to unknown cyber threats in a timely manner.
Authors: Huang Lizheng; Liu Jiayong; Zheng Rongfeng; Li Mengming (College of Cybersecurity, Sichuan University, Chengdu 610065; College of Electronic Information, Sichuan University, Chengdu 610065)
Source: Journal of Information Security Research (《信息安全研究》), 2020, No. 2, pp. 131-138 (8 pages)
Funding: National Natural Science Foundation of China (61872255)
Keywords: darknet; threat intelligence; machine learning; multi-classification; information retrieval; data mining
