
Research On Knowledge Graph Construction Techniques For Dark Web Threat Intelligence

Posted on: 2024-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: X Yu
GTID: 2558307100962309
Subject: Computer technology
Abstract/Summary:
With the rise of the dark web and deep web, underground markets and hacker forums have become hotbeds of illegal activity, and cybersecurity issues are increasingly prominent. Threat intelligence is a key security resource, and analyzing it is important for preventing cybersecurity incidents and formulating effective defense strategies. However, information sources on the dark web and deep web are complex and of varying quality, so how to analyze threat intelligence effectively has become an urgent problem. Threat intelligence also usually contains a large number of entities, such as attack methods, vulnerability exploits and attack tools. How to identify these entities accurately and quickly in a large volume of threat intelligence, and how to integrate the extracted key information into an easily understood threat intelligence knowledge graph, is a topic worth exploring. To address these issues and the increasingly serious cybersecurity challenges behind them, this study focuses on threat intelligence analysis, threat intelligence entity recognition and threat intelligence graph construction. The main research contents are:

(1) A BiLSTM-CNN model based on an attention mechanism is designed to automatically identify posts about threat intelligence in hacker forums. Compared with traditional methods, the model has more significant advantages in handling long-range dependencies and capturing critical information. Because the attention mechanism automatically and dynamically adjusts the weights given to the information in the input sequence, the model focuses more effectively on threat intelligence information. The experimental results show that the attention-based BiLSTM-CNN model significantly improves recognition effectiveness compared with the attention-based recurrent neural network model and the convolutional neural network based model, which effectively improves the efficiency of identifying threat intelligence in hacker forums.

(2) Data from illegal markets on the dark web is explored, and machine learning is used to identify drug-related commodities, providing data samples for the subsequent construction of a knowledge graph of transaction information. A transaction graph is constructed for the market transaction information with sellers as the core nodes, recording sellers' sales records and their related information. Visualizing the graph helps to analyze transaction patterns in order to monitor illegal transactions, provides a more comprehensive and detailed data perspective that yields more accurate transaction information, helps to understand comprehensively how the illegal market operates, and reveals the relationships and interactions within the dark web market. This improves the effectiveness of regulating illegal activities on the dark web market and has practical value for dark web regulation.

(3) A model combining a Transformer-based bidirectional encoder with a bidirectional long short-term memory network is designed and implemented to identify entities in 13 categories of cyber threat intelligence. The experimental results show that the model outperforms the Transformer-based model in terms of accuracy, recall and F1 value. The identified entities are used to construct a threat intelligence knowledge graph that integrates and analyzes the collected threat intelligence, making it possible to better observe the relationships between entities, to understand the potential associations and patterns in threat intelligence, and to identify the root causes and key factors of cybersecurity threat events.
Keywords/Search Tags: Dark Web, Illegal Market, Hacker Forums, Cyber Threat Intelligence, Knowledge Graph