| With the development of technologies such as artificial intelligence,big data,and cloud computing,cyber attacks are becoming increasingly sophisticated and constantly challenge the defensive capabilities of information security.In response to the critical situation of cyberspace security,professionals in various fields are actively researching and practising various cyber security technologies and techniques to protect cyber security.Among them,threat intelligence has become an important concept and technology in the field of cyber security,which plays a vital role in improving cyber security defence capabilities and responding to cyber attacks.As the number of sources of threat intelligence continues to grow,the amount of intelligence increases dramatically,making the processing and analysis of information more complex and difficult.In particular,when threat intelligence from different sources emerges,there may be conflicts and duplication,leading to confusion and unreliability of information.Secondly,the quality of threat intelligence varies,as some threat intelligence may not be accurate or timely,or may even be misleading or false,making it difficult to find truly valuable intelligence for security analysis and decision making,which poses significant risks and challenges to the processing and use of the information.How to select high-level threat intelligence sources so that high-quality threat intelligence can be obtained on a continuous basis has become a priority issue in threat intelligence applications.Therefore.This thesis examines the importance assessment of threat intelligence sources from the following two aspects:(1)In order to address the problem of threat intelligence traceability,this paper proposes a method for researching and judging the homology of threat intelligence based on the idea of classification.The temporal effect of threat intelligence,the content characteristics of threat intelligence and the closeness between threat intelligence sources are selected as the research and evaluation features,and suitable similarity algorithms are designed according to each attribute feature and the weights corresponding to different features are calculated separately using the IAC-RSR comprehensive analysis method.(2)In response to the problem that there are many sources of threat intelligence in the real environment,the quality of threat intelligence cannot be obtained efficiently and continuously.By constructing a threat intelligence dissemination assessment model,analyzing the characteristics of dissemination content and dissemination mechanism respectively and giving the calculation methods of the influence of dissemination content and the influence of dissemination mechanism,and integrating the influence of dissemination content and the influence of dissemination mechanism according to the proposed comprehensive assessment Gvikor algorithm,the importance assessment of threat intelligence sources is achieved. |
PDF Full Text Request