摘要
如今,以高级可持续威胁(APT)为代表的新型攻击越来越多,传统安全防御手段捉襟见肘,网络空间安全态势日趋严峻。威胁情报具有数据内容丰富、准确性高、可自动化处理等特点,将其用于网络安全分析中可以有效提高安全防御能力。因此,威胁情报越来越被关注,学术界和产业界已针对威胁情报分析与共享开展了相应研究。文中首先对威胁情报的价值、意义进行了分析,并对威胁情报和威胁情报厂商进行了分类;然后重点从威胁情报共享技术面临的主要问题出发,分析和总结了学术界和产业界针对这些问题进行的研究与尝试;最后展望了威胁情报共享领域未来的研究内容。
Nowadays,new kinds of cyber-attacks,such as APT and DDoS,have lower concealment,lower attack cost and huge attack effect.These advantages can let them easily escape from the detection of traditional cyber-attack measures.Cyber-space security situation is becoming more and more severe.The detection and prevention of these attacks have become much harder.CTI(Cyber Threat Intelligence)based network defence has been proved to be a promising strategy to address this problem.In this case,both academic and business circle have put many efforts on CTI analysis and sharing.This paper introduced the meaning and value of CTI.Then aiming at the sharing for threat intelligence,it studied and reviewed the works and developments in CTI sharing deeply.In the end,it looked ahead to the future study of CTI sharing.
作者
杨沛安
武杨
苏莉娅
刘宝旭
YANG Pei-an;WU Yang;SU Li-ya;LIU Bao-xu(University of Chinese Academy of Science;Institute of High Energy Physics,Chinese Academy of Science;Institute of Information Engineering,Chinese Academy of Science)
出处
《计算机科学》
CSCD
北大核心
2018年第6期9-18,26,共11页
Computer Science
关键词
网络空间安全
威胁情报
情报共享
数据挖掘
Cyberspace security
Threat intelligence
Intelligence sharing
Data mining
