With the rapid development of network technology, an increasing number of infrastructures are connected to the Internet, and cyber threats are becoming more and more serious. Cyber threat intelligence sharing is one of the feasible solutions to address cyber threats. However, cyber threat intelligence sharing still has some problems. Firstly, most of the key information is hidden in massive amounts of network security text; how to accurately and efficiently analyze cyber threat intelligence from network security text is the first problem we currently face. Secondly, the network security text analysis methods currently in use lack network security expertise, resulting in poor performance on network security text analysis tasks; how to introduce knowledge into network security text analysis is the second problem we face.

To address the first problem, this thesis uses regular expression matching, based on the text characteristics of different IOCs, to extract basic IOCs from network security text, following the standard cyber threat intelligence sharing format STIX 2.0. Meanwhile, based on BERT-BiLSTM-CRF, this thesis proposes a model called CTIAA to mine threat actions from network security text. The BERT model copes well with the scarcity of labeled datasets in network security, LSTM handles the long sentences that frequently appear in network security text, and CRF filters out unreasonable labels. In addition, this thesis matches the extracted threat actions to relevant entries in the threat ontology using the TF-IDF algorithm and generates TTPs and response strategies.

To address the lack of expertise in network security text analysis, this thesis introduces a network security knowledge graph on top of CTIAA and proposes K-CTIAA, a network security text analysis model that integrates knowledge graphs. Firstly, this thesis constructs a multi-source network security knowledge graph to provide knowledge support for the entire system. Subsequently, K-CTIAA introduces knowledge into network security text through knowledge queries and knowledge inserts, generating a sentence tree enriched with network security knowledge. Then, this thesis introduces the concepts of soft position encoding and hard position encoding to feed the knowledge-bearing sentence tree into the model, constructs a visible matrix, and modifies the self-attention computation in the BERT model to integrate the knowledge. In addition, this thesis proposes sentence tree pruning and a modification of the visible matrix construction rules to alleviate the noise introduced by inserting knowledge: sentence tree pruning filters out irrelevant knowledge, and the modified visible matrix integrates knowledge into the context of the sentence.

Finally, this thesis builds a deep-learning-based network security text analysis system and tests it on network security text instances. The results show that K-CTIAA can complete the task of extracting threat actions from network security texts well, and can generate standardized threat intelligence based on Structured Threat Information Expression (STIX 2.0).
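The first stage of the pipeline described above, regular-expression extraction of basic IOCs and their rendering as STIX 2.0 indicator patterns, can be illustrated with the following added example. It is not the thesis's code: the sample report text is constructed (RFC 5737 documentation addresses, reserved example domains, the well-known digests of empty input), the refanging step (`hxxp://`, `[.]`) is an assumption the abstract does not mention, and the pattern set covers only IPv4 addresses, URLs, domains and MD5/SHA-1/SHA-256 hashes.

```python
import re

# Constructed sample report text for this example (not from the thesis).
# Addresses come from RFC 5737 documentation ranges, domains are reserved
# example domains, and the hashes are the well-known digests of empty input.
SAMPLE_TEXT = """\
The loader is fetched from hxxp://update[.]example[.]net/payload.bin
(MD5 d41d8cd98f00b204e9800998ecf8427e) and then beacons to 203.0.113.45
on TCP/443. The second stage
(SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855)
resolves c2.example.org. Build 10.0.19041.1 is a version string, not an address.
"""

_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"

# Ordered so that broader indicator types are consumed first: a URL is
# blanked out before the domain pattern runs, so the host inside a URL is not
# reported a second time as a bare domain.
_PATTERNS = [
    ("url", re.compile(r"https?://[^\s'\"<>()]+", re.I)),
    ("ipv4-addr", re.compile(rf"\b{_OCTET}(?:\.{_OCTET}){{3}}\b")),
    ("sha256", re.compile(r"\b[0-9a-f]{64}\b", re.I)),
    ("sha1", re.compile(r"\b[0-9a-f]{40}\b", re.I)),
    ("md5", re.compile(r"\b[0-9a-f]{32}\b", re.I)),
    ("domain-name", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]

# STIX 2.0 object path for each indicator type (hyphenated hash names must
# be quoted in STIX patterns; MD5 need not be).
_STIX_PATH = {
    "ipv4-addr": "ipv4-addr:value",
    "domain-name": "domain-name:value",
    "url": "url:value",
    "md5": "file:hashes.MD5",
    "sha1": "file:hashes.'SHA-1'",
    "sha256": "file:hashes.'SHA-256'",
}


def refang(text):
    """Undo common report defanging (hxxp://, [.], (.)). The thesis does not
    describe this step; it is an assumption of this example."""
    text = re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)
    return re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text)


def extract_iocs(text):
    """Return [(kind, value)] in order of first appearance, deduplicated.
    Each matched span is overwritten with spaces before the next pattern runs,
    so offsets stay valid and nested matches (host inside a URL) are suppressed."""
    text = refang(text)
    hits, seen = [], set()
    for kind, rx in _PATTERNS:
        for m in rx.finditer(text):
            value = m.group(0)
            if kind != "url":
                value = value.lower()
            if (kind, value) not in seen:
                seen.add((kind, value))
                hits.append((m.start(), kind, value))
        text = rx.sub(lambda m: " " * (m.end() - m.start()), text)
    return [(kind, value) for _, kind, value in sorted(hits)]


def to_stix_patterns(iocs):
    """Render each IOC as a STIX 2.0 Indicator pattern comparison expression."""
    return [f"[{_STIX_PATH[kind]} = '{value}']" for kind, value in iocs]


if __name__ == "__main__":
    for pattern in to_stix_patterns(extract_iocs(SAMPLE_TEXT)):
        print(pattern)
```

The octet-range check in the IPv4 pattern is what keeps the version string out of the results, and the word boundaries on the hash patterns prevent a 32-character prefix of a SHA-256 from being reported as an MD5. The bare domain pattern is the weakest part of any regex-based extractor: it will also match file names such as `report.doc` or abbreviations with dots, so in practice it should be backed by a TLD allowlist before the result is treated as an indicator.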
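The knowledge-insertion mechanism of K-CTIAA (knowledge query, knowledge insert into a sentence tree, soft and hard position encoding, visible matrix, pruning) follows the K-BERT construction, and the added example below shows that construction in plain Python. It is not the thesis's code: the knowledge graph is a constructed toy graph, the pruning policy (keep at most `max_branches` triples per entity, taking the first ones) is a placeholder because the abstract does not state the relevance criterion, and the visible-matrix rule is the baseline K-BERT rule rather than the modified construction rules the thesis proposes, which the abstract does not spell out.

```python
from dataclasses import dataclass

# Constructed toy knowledge graph: head entity -> [(relation, tail), ...].
# These triples are illustrative and not taken from the thesis's graph.
KG = {
    "powershell": [("is-a", "tool"), ("used-for", "execution")],
    "dropper": [("is-a", "malware")],
}


@dataclass
class Node:
    token: str
    soft_pos: int   # position fed to the positional embedding; a branch continues from its entity
    hard_pos: int   # index in the flattened input sequence
    branch_of: int  # hard_pos of the trunk token this knowledge hangs from; -1 for trunk
    branch_id: int  # one id per inserted triple; -1 for trunk


def query_knowledge(token, kg, max_branches):
    """Knowledge query with pruning: look the token up and keep at most
    max_branches triples. The page does not give the relevance criterion used
    for pruning, so this keeps the first triples as a placeholder policy."""
    return kg.get(token.lower(), [])[:max_branches]


def build_sentence_tree(tokens, kg, max_branches=1):
    """Knowledge insert: each triple is appended as a branch right after the
    entity token. Trunk tokens keep consecutive soft positions; branch tokens
    continue numbering from their entity, so the original word order survives."""
    nodes, next_branch = [], 0
    for soft, tok in enumerate(tokens):
        trunk_hard = len(nodes)
        nodes.append(Node(tok, soft, trunk_hard, -1, -1))
        for rel, tail in query_knowledge(tok, kg, max_branches):
            for offset, ktok in enumerate((rel, tail), start=1):
                nodes.append(Node(ktok, soft + offset, len(nodes), trunk_hard, next_branch))
            next_branch += 1
    return nodes


def visible_matrix(nodes):
    """vm[i][j] == 1 when token i may attend to token j (K-BERT rule):
    trunk tokens see the whole trunk; an entity also sees its own branches;
    a branch token sees its own branch and its entity, nothing else."""
    n = len(nodes)
    vm = [[0] * n for _ in range(n)]
    for i, a in enumerate(nodes):
        for j, b in enumerate(nodes):
            if a.branch_id == -1:
                vm[i][j] = int(b.branch_id == -1 or b.branch_of == i)
            else:
                vm[i][j] = int(j == a.branch_of or b.branch_id == a.branch_id)
    return vm


def attention_mask(vm, neg=-1e9):
    """Additive bias for the self-attention scores: 0 where visible, a large
    negative number where not, so softmax gives invisible tokens ~0 weight."""
    return [[0.0 if v else neg for v in row] for row in vm]


def soft_positions(nodes):
    return [n.soft_pos for n in nodes]


def flat_tokens(nodes):
    return [n.token for n in nodes]


if __name__ == "__main__":
    tree = build_sentence_tree("attacker runs PowerShell to download dropper".split(), KG)
    print(flat_tokens(tree))
    print(soft_positions(tree))
    for row in visible_matrix(tree):
        print("".join(str(v) for v in row))
```

Running the block shows the two things the abstract relies on: the soft positions of the trunk tokens are unchanged by the inserted knowledge (the branch after `PowerShell` reuses positions 3 and 4, and `to` is still position 3), and the visible matrix keeps the branch tokens from attending to, or being attended by, anything but their own entity, which is the noise-control role the abstract assigns to the visible matrix.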