Threat intelligence technology in network security situation awareness

General Secretary XI Jinping gave instructions at the symposium on cybersecurity and informatization in 2016: Strengthen the mining and analysis of big data, make better situation awareness and prevent risks in cybersecurity. In response to the call of national policies, many large industries and enter...

Bibliographic Details
Main authors: Yan YIN, Hongbin ZHANG, Bin LIU, Dongmei ZHAO
Format: article
Language: ZH
Published: Hebei University of Science and Technology 2021
Subjects:
T
Online access: https://doaj.org/article/6e29c24955c94ba19a646787e1b8d56f
id oai:doaj.org-article:6e29c24955c94ba19a646787e1b8d56f
record_format dspace
spelling oai:doaj.org-article:6e29c24955c94ba19a646787e1b8d56f
2021-11-23T07:16:40Z
Threat intelligence technology in network security situation awareness
1008-1542
10.7535/hbkd.2021yx02012
https://doaj.org/article/6e29c24955c94ba19a646787e1b8d56f
2021-04-01T00:00:00Z
http://xuebao.hebust.edu.cn/hbkjdx/ch/reader/create_pdf.aspx?file_no=b202102012&flag=1&journal_
https://doaj.org/toc/1008-1542
Yan YIN
Hongbin ZHANG
Bin LIU
Dongmei ZHAO
Hebei University of Science and Technology
article
network security; situation awareness; threat intelligence; stix; network attack and defense
Technology
T
ZH
Journal of Hebei University of Science and Technology, Vol 42, Iss 2, Pp 195-204 (2021)
institution DOAJ
collection DOAJ
language ZH
topic network security; situation awareness; threat intelligence; stix; network attack and defense
Technology
T
description General Secretary XI Jinping gave instructions at the symposium on cybersecurity and informatization in 2016: Strengthen the mining and analysis of big data, make better situation awareness and prevent risks in cybersecurity. In response to the call of national policies, many large industries and enterprises actively advocated, built and applied situation awareness systems to deal with the severe challenges faced by network security. Network security situation awareness is an effective means to ensure network security. It has become the focus of network security research to use situation awareness to discover potential threats and respond. At present, most of the proposed network security situation awareness technologies and methods are based on small-scale networks. With the continuous expansion of network scale and the appearance of new advanced attack technologies such as APT, the accuracy and maneuverability of current situation awareness technology have been greatly reduced. In recent years, the emergence of threat intelligence has brought new ideas to the research of situation awareness and become a new direction in the field of situation awareness. This paper mainly summarized the traditional situation awareness research and the application of threat intelligence in network security situation awareness. The traditional situation awareness research was generally divided into three parts, namely, situation perception, situation comprehension and situation projection. The process of network security situation awareness was to collect the security elements of the target system, and analyze the impact of security incidents. Finally, network security situation awareness makes it possible to realize behavior recognition of various activities, attack detection, and evaluation and prediction of the network situation, so as to provide correct decisions for the network security response. The application of threat intelligence in network security situation awareness was discussed from three scenarios: 1) Situation perception: threat intelligence was used to identify attack behaviors, extract relevant attack characteristics and determine attack intentions, methods, and impact; 2) Situation comprehension: after determining the attack behavior and characteristics, the attack behavior was understood and the attacker's attack strategy was determined by sharing the disposition of the attack behavior in the threat intelligence; 3) Situation projection: by analyzing threat intelligence information such as attack events, attack techniques, and vulnerabilities, the risk faced by the current system was evaluated, and the possible attack was predicted. Threat intelligence is usually obtained by big data, distributed systems or other methods, and it has a strong ability to update autonomously. Threat intelligence can provide the most complete and latest security event data, which greatly improves the ability to detect new and advanced dangers in network security situation awareness. And by using the sharing mechanism in the threat intelligence, security staff can understand the threat environment of their organization, such as attackers, tactical techniques used by them and defense strategies, which can help enterprises understand the security threats they are facing or will face in the future. Threat intelligence can improve the accuracy and efficiency of situation awareness analysis, as well as the ability to respond to security incidents.
format article
author Yan YIN
Hongbin ZHANG
Bin LIU
Dongmei ZHAO
title Threat intelligence technology in network security situation awareness
publisher Hebei University of Science and Technology
publishDate 2021
url https://doaj.org/article/6e29c24955c94ba19a646787e1b8d56f