
Research And Implementation Of Threat Intelligence Knowledge Map Technology

Posted on: 2020-09-11
Degree: Master
Type: Thesis
Country: China
Candidate: T Wang
Full Text: PDF
GTID: 2416330620951722
Subject: Computer application technology

Abstract/Summary:
In recent years, with the rapid development of the Internet and the increasing number of cyber threats, the traditional cyber defense system has been unable to make effective judgments on threats. Threat intelligence technology emerged in response, and it is now in a stage of rapid development. So far, however, fragmented intelligence cannot be used to accurately trace attack organizations or to take effective defensive measures in time. This thesis proposes a knowledge map construction technology for threat intelligence, which addresses the problem of poor intelligence correlation and uses knowledge map visualization to reveal the elements and relationships of threat intelligence visually. The thesis analyzes the current status of threat intelligence knowledge mapping technology at home and abroad, and investigates related technologies such as ontology engineering, deep learning theory, entity disambiguation and knowledge reasoning. Through research and analysis, these techniques are applied to the entire threat intelligence knowledge map construction process. First, the thesis proposes a set of threat intelligence ontology models. According to the construction standards, a deep learning framework is used to automatically extract entities and the relationships between them. The extracted entities are then disambiguated. A threat intelligence knowledge base is constructed, and knowledge reasoning is used to obtain potential relationships. The data of the complete threat intelligence knowledge base is displayed using knowledge map visualization technology. Second, to address the slow query speed over massive threat intelligence data, the thesis uses full-text search technology to search the knowledge base. Finally, based on this research, a prototype system is constructed; the thesis describes the system framework and the system deployment environment, and shows the final knowledge map clearly. Through this research, a knowledge map of threat intelligence is designed and implemented. It moves away from the passive defense of traditional network confrontation, integrates a large amount of isolated intelligence, actively adjusts its own defense strategy, and predicts attacks that have not yet occurred, laying the foundation for gaining a dominant position in network attack and defense.
Keywords/Search Tags: Threat intelligence, Ontology engineering, Deep learning, Entity extraction