Abstract
Threat intelligence provided by intelligence sources records network-based, host-based, or behavior-based information and can be used to detect and identify network threats. Higher-quality intelligence sources provide higher-quality intelligence data. This paper constructs a threat intelligence source quality evaluation model based on the Analytic Hierarchy Process. It establishes a hierarchical structure from two aspects, the intelligence source and the intelligence data, determines the weight of each indicator, and performs quantitative calculations on it. By combining security experience with data algorithms, a complete and dynamic comprehensive evaluation system for intelligence sources is established. Short-term monitoring analysis of the experimental results and the long-term use of the model in actual business show that the model clearly distinguishes between intelligence sources of different quality, and can achieve the goals of dynamically monitoring intelligence source quality and ranking sources to select the best.
Authors
胡禹希
贾艳
HU Yu-xi; JIA Yan (Topsec Network Technology Inc, Beijing 100085, China; First Research Institute of the Ministry of Public Security of PRC, Beijing 100048, China)
Source
Information Technology (《信息技术》)
2022, Issue 6, pp. 131-138 (8 pages)
Keywords
threat intelligence
open source information source
information fusion
quality evaluation
analytic hierarchy process