A network system is composed of numerous devices connected to each other in a complex network topology. The increasing diversity and quantity of these devices, together with the complexity of the network topology, pose ever greater security risks to the network system. Attackers can exploit vulnerabilities and weaknesses in the network to carry out malicious activities such as intrusion, data theft, and denial of service. Network Cyber Threat Intelligence (CTI) contains abundant information about devices, networks, and defenses, which helps security teams better understand threats and take appropriate measures. However, since threat intelligence usually comes from different sources and in different formats, there is a lack of correlation among security knowledge, which makes some advanced reasoning tasks impossible to perform. This thesis combines threat intelligence with knowledge graph technology and constructs a threat intelligence knowledge graph to address the lack of correlation between network threat intelligence information. Based on this knowledge graph, the thesis investigates threat detection and defense strategy generation. The main content of the thesis is as follows:

(1) To address the lack of correlation among network threat intelligence entities, this thesis analyzes mainstream network threat intelligence and builds a threat intelligence ontology. It covers all aspects of cyber threat intelligence, such as vulnerabilities, attack techniques, platforms, and attack targets. These entities are classified through analysis and the relationships between entities are defined. Modeling cyber threat intelligence with an ontology removes semantic differences between data sources.

(2) Based on the threat intelligence ontology, this thesis constructs a threat intelligence knowledge graph. Knowledge graphs integrate data from different sources into a unified data model, thereby supporting complex reasoning and query tasks. Corresponding nodes are established in the knowledge graph according to the ontology. Information extraction technology is used to extract threat-related entities from unstructured text, which are combined with structured threat intelligence to build the knowledge graph; Neo4j is used for storage and visualization.

(3) This thesis proposes a threat detection method based on the threat intelligence knowledge graph. Specifically, the method first converts logs into an RDF format that supports SPARQL queries, and then uses the association between Sigma threat detection rules and the ATT&CK knowledge base to link the threats detected from the logs into the threat intelligence knowledge graph. With this approach, security personnel can see the full picture of an attack in a timely manner once a threat is detected.

(4) This thesis proposes a defense strategy reasoning model consisting of a knowledge graph embedding algorithm (CTI-KGE) and reasoning rules. CTI-KGE is based on knowledge representation learning; its link prediction task can automatically infer tail entities that have a given relationship with a head entity, thereby complementing threat information. Rule reasoning, which is interpretable, automatically generates defense strategies. To verify the feasibility and effectiveness of the model, this thesis evaluates it in a real network scenario.
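As an added illustration of the detection pipeline in (3), not code from the thesis: the example below converts constructed log events into RDF triples (N-Triples serialisation), evaluates a constructed Sigma-style selection, and uses the rule's ATT&CK tags to link the matched event to a technique node, then answers a triple-pattern query of the kind a SPARQL basic graph pattern would express. The namespace, rule, field names and events are all assumptions made for the example.

```python
import json
import re

# Constructed sample log events (hypothetical, not from the thesis).
LOGS = [
    {"id": "evt1", "host": "ws01",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell -enc SQBFAFgA"},
    {"id": "evt2", "host": "ws02",
     "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
]

# Constructed Sigma-style rule: an AND of field|modifier conditions plus ATT&CK tags.
RULE = {
    "title": "Encoded PowerShell Command",
    "selection": {"image|endswith": "\\powershell.exe", "cmdline|contains": "-enc"},
    "tags": ["attack.execution", "attack.t1059.001"],
}

EX = "http://example.org/cti#"  # assumed namespace for the knowledge graph

def log_to_triples(event):
    """Map every log field to an RDF triple (subject, predicate, object literal)."""
    subj = EX + event["id"]
    return [(subj, EX + k, v) for k, v in event.items() if k != "id"]

def sigma_match(rule, event):
    """Evaluate the Sigma selection: all conditions must hold (case-insensitive)."""
    for key, expected in rule["selection"].items():
        field, _, modifier = key.partition("|")
        actual = str(event.get(field, "")).lower()
        ok = {"endswith": actual.endswith(expected.lower()),
              "contains": expected.lower() in actual,
              "": actual == expected.lower()}[modifier]
        if not ok:
            return False
    return True

def link_to_attack(rule, event):
    """Link a matched event to the rule and to the ATT&CK techniques named in its tags."""
    subj = EX + event["id"]
    triples = [(subj, EX + "detectedBy", EX + rule["title"].replace(" ", "_"))]
    for tag in rule["tags"]:
        m = re.fullmatch(r"attack\.(t\d{4}(?:\.\d{3})?)", tag)  # e.g. attack.t1059.001
        if m:
            triples.append((subj, EX + "usesTechnique", EX + m.group(1).upper()))
    return triples

def to_ntriples(triples):
    """Serialise as N-Triples: IRIs in <>, everything else as an escaped literal."""
    return [f"<{s}> <{p}> {f'<{o}>' if o.startswith('http') else json.dumps(o)} ."
            for s, p, o in triples]

def query(triples, s=None, p=None, o=None):
    """Minimal triple-pattern match; None acts as a SPARQL variable."""
    return [t for t in triples if all(x is None or x == y for x, y in zip((s, p, o), t))]

def build_graph(logs, rule):
    """Convert logs to RDF and attach ATT&CK links for every event the rule matches."""
    triples = []
    for ev in logs:
        triples += log_to_triples(ev)
        if sigma_match(rule, ev):
            triples += link_to_attack(rule, ev)
    return triples
```

Running `query(build_graph(LOGS, RULE), None, EX + "usesTechnique", None)` returns only the triple linking `evt1` to `T1059.001`; the benign `evt2` stays in the graph as plain log triples without any technique link.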