Study On Trustworthy Analysis Of Threat Intelligence Based On Machine Learning

In recent years,with the rapid advancement and development of information technology,network security technology has evolved.Whether it is the emergence of new types of networks such as 5G communication and Internet of Things,or the emergence of new service models such as online social networks,they are constantly showing the characteristics of openness,heterogeneity,mobility and credibility.These services are convenient for people's lives,but due to the anonymity of the network,people also suffer huge losses and injuries caused by illegal network penetration.Aiming at the threat intelligence data of the increasingly large network users,how to conduct reasonable analysis and research on these threat intelligences will become the top priority of the social trust system and active security defense in the new era.In today's Internet environment,the main source of threat intelligence data for user entities is the network,especially large-scale online social'networks,but the threat intelligence data in social networks is anonymized,and the data size is large and the relationship is complicated.Due to those characteristics,how to effectively and effectively research and utilize the threat intelligence data of these user entities is the key to solving the trust evaluation of threat information of network users in the cyberspace environment.Therefore,this paper focuses on the trust assessment of threat intelligence in large-scale online social network environment.The main tasks are as follows:(1)Aiming at the large-scale online social network environment.due to the threat intelligence data is large in scale and complex in relation,this paper proposes a method based on machine learning for constructing massive knowledge graph of the threat intelligence.The method utilizes the structured and unstructured characteristics of threat intelligence data in cyberspace to extract the entities,attributes and relationships of the original threat intelligence data.Considering the existence of duplicates and aliases between extracted entities,attributes,and relationship information,and then using knowledge fusion techniques to process,integrate,and disambiguate the extracted entities,attributes,and relationships.Finally,in view of the inconsistent or conflicting problem of the obtained entity aliases,this paper uses the two-class machine learning method to eliminate the conflict of heterogeneous entity data.In this way,a series of high-quality threat intelligence knowledge maps based on facts can be obtained.The higher the quality of the constructed threat intelligence knowledge graph,the more accurate the trust evaluation calculation based on the knowledge graph.(2)Aiming at the anonymity of user intelligence data in network environment,this paper proposes a trust evaluation model based on knowledge graph of user intelligence data.The model uses the TransE(Translating Embeddings)algorithm to map the information of entities,attributes and relationships in the intelligence knowledge graph to the vector of low-dimensional vector space.In order to calculate the trust relationship between two nodes in two knowledge graph,we propose a path aggregation algorithm based on Recurrent Neural Network(RNN)to calculate the trust value of any path between two nodes.Then,through the Path Reliability Measuring Algorithm(PRM),the weighted calculation of the final trust relationship with multiple relationship paths between the two nodes is carried out.The experimental results show that the above-mentioned threat intelligence trust evaluation model has higher accuracy than the traditional rule-based operation model.(3)Aiming at the needs of user trust evaluation in real network environment,this paper designs and implements a trust evaluation system based on user intelligence data of Sina Weibo.The system is divided into threat intelligence data crawling module,threat intelligence data preprocessing module,threat intelligence knowledge graph building module,threat intelligence credibility analysis module.The intelligence data crawling module uses the web crawler to crawl the user intelligence data of Sina Weibo;the threat intelligence data preprocessing module aims to analyze the entities,attributes and relationships of the original structured threat intelligence data;The threat intelligence knowledge graph construction module uses the acquired threat intelligence data to construct a high-quality threat intelligence knowledge graph by using the knowledge graph construction method;the threat intelligence trust analysis module uses the path aggregation algorithm and the path reliability algorithm mentioned above is used for trust evaluation.Finally,the system provides a visual platform to visually display the constructed knowledge graph.