
A survey of cyber threat intelligence sharing and fusion technologies
Abstract: As new threats in cyberspace grow increasingly complex and variable, attack methods have evolved from single-mode attacks toward collaborative and covert ones, and the traditional passive network security defense system has been greatly challenged. One of the foremost challenges is the asymmetry of information acquisition ability, which makes it difficult for defenders to identify and detect large-scale collaborative cyber attacks in a timely manner. Cyber threat intelligence (CTI) records the behavioral characteristics of attackers, and correlation analysis of these attack clues enables effective detection and assessment of complex cyber attacks, making CTI a key component of proactive collaborative network security defense systems. However, applying threat intelligence requires improving the security and performance of intelligence sharing and resolving problems such as heterogeneous formats and conceptual conflicts across multi-source intelligence, which has drawn considerable attention from academia and industry. This paper surveys the relevant work of recent years in depth, organizes and summarizes existing work from the two perspectives of intelligence sharing and intelligence fusion, and finally points out future research directions in this field. By reviewing and analyzing the current state of research on threat intelligence sharing and fusion, it aims to advance the application of threat intelligence in China and further enhance the capability of proactive collaborative defense in cyberspace.
Authors: XIANG Xiayu (向夏雨); GU Zhaoquan (顾钊铨); ZENG Liyi (曾丽仪) (Department of New Networks, Peng Cheng Laboratory, Shenzhen 518000, China; School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen 518055, China)
Source: Journal of Cybersecurity (《网络空间安全科学学报》), 2024, No. 2, pp. 2-17 (16 pages)
Funding: Major Key Project of Peng Cheng Laboratory (PCL2022A03); Zhejiang Provincial Natural Science Foundation (LZ22F020007).
Keywords: cyber threat intelligence; intelligence sharing; intelligence fusion; blockchain; threat intelligence ontology