Abstract
To address the problems that security threat intelligence comes from complex sources, is hard to understand and is difficult to share, this paper uses a restricted Boltzmann machine to perform deep learning of threat intelligence features, mapping the original threat intelligence features layer by layer from a high-dimensional space to a low-dimensional space, and constructs a cyberspace security threat knowledge map. Using this knowledge map together with the current context, it then performs security threat path evolution and source tracing based on event stream processing, so as to perceive cyberspace security threats accurately. Experiments verify the feasibility of constructing the cyberspace security threat knowledge map and, through comparison with traditional threat detection methods, verify that the knowledge-map-based security threat perception method is better suited to perceiving high-intensity security threats.
Authors
Shi Bo (石波)
Yu Ran (于然)
Zhu Jian (朱健)
Affiliations: Beijing Institute of Computer Technology and Application, Beijing 100854; Jiangsu Aerospace 706 Information Technology Co., Ltd., Nanjing 210012
Source
Journal of Information Security Research (《信息安全研究》)
2022, Issue 8, pp. 845-853 (9 pages)
Funding
National Key Research and Development Program of China (2018YFC0831400).
Keywords
knowledge map
threat intelligence
restricted Boltzmann machine
security threat perception
threat detection