摘要
随着网络信息技术快速发展,网络威胁演变迅猛,促使人们必须寻求更有效、更主动的网络威胁检测和防御方法。在这种背景下,网络威胁情报得到了迅速普及,为大多数企业提供了有效的安全解决方案,并形成了多元异构的网络威胁情报生态系统。在这个生态系统中,情报的交换共享成为基本需求,由此产生了众多的网络威胁情报标准。基于对网络威胁情报的理解,梳理了主流网络威胁情报标准,对结构化威胁信息表达、情报信息的可信自动化交换、事件对象描述和交换格式等主流标准进行比较分析,希望能为网络威胁情报生产者在构建威胁情报平台时,选择合适的网络威胁情报标准提供一种思路。
With the rapid development of network information technology,cyber threats are evolving rapidly,forcing people to seek more effective and active cyber threat detection and defense methods.In this context,CTI(Cyber Threat Intelligence)gains rapidly spread,which provides effective security solutions for most enterprises,and forms a multi-heterogeneous CTI ecosystem.In this ecosystem,the exchange and sharing of intelligence is a basic requirement,resulting in numerous CTI standards.Based on the understanding of CTI,this paper sorts out the main CTI standards,compares and analyzes STIX,TAXII,IODEF and other standards,hoping to provide an idea for CTI producers to choose appropriate CTI standards when building a threat intelligence platform.
作者
张玲
ZHANG Ling(No.30 Institute of CETC,Chengdu Sichuan 610041,China;China Electronics Technology Cyber Security Co.,Ltd.,Chengdu Sichuan 610041,China)
出处
《信息安全与通信保密》
2022年第7期25-32,共8页
Information Security and Communications Privacy
关键词
网络威胁情报
网络威胁情报生态
网络威胁情报标准
共享交换
cyber threat intelligence
cyber threat intelligence ecosystem
cyber threat intelligence standards
share exchange
