In today’s era, network technology is developing rapidly and has affected many fields. The popularity of the network has brought human society to a new level. Although the network has improved people’s lives in many ways, it also brings many security problems: confidential information is easily hijacked during data transmission, and attackers may exploit network security loopholes to attack and damage network equipment. Therefore, network security protection is becoming more and more important. There are many ways to defend against network attacks, such as firewalls, system patches, authentication, information encryption, and intrusion detection. But today’s network attacks are becoming more and more complex, and it is difficult for these traditional security protection strategies to provide effective protection. The main reasons are as follows: vulnerabilities are unpredictable, so traditional methods struggle to deal with network attacks effectively; and against continuous network attacks, protection technologies such as functional detection have lost their effectiveness, and traditional means cannot cope. Therefore, it is necessary to enhance the vulnerability analysis and network threat intelligence extraction capabilities of organizations and enterprises, so as to improve the network’s active security defense capabilities. Threat intelligence can describe attack behaviors and profile attackers, and can guide organizations and enterprises on how to defend effectively, which gives threat intelligence a vital role in network security protection. To this end, this paper analyzes unstructured network threat intelligence. First, a network security ontology is constructed according to the characteristics of threat intelligence data; then a quantitative method for unstructured threat intelligence is proposed; finally, a threat intelligence analysis platform is designed. The main content of the paper is as follows:

(1) The forms of cyber threat intelligence are analyzed. At present, there are many types of threat intelligence. This paper studies network threat intelligence, analyzes the types and applications of threat intelligence, introduces the current unified threat intelligence standards, summarizes well-known network security knowledge bases at home and abroad, and analyzes data integration tools. This provides a theoretical and data basis for the subsequent construction of the security domain ontology and the quantitative analysis of threat intelligence.

(2) To address the problem that security data comes from a wide range of sources and has no fixed format, this paper proposes a brand-new network security ontology, defines multiple top-level security classes, and describes the relationships between classes in detail. Finally, the constructed ontology is applied in building a knowledge graph, and the resulting knowledge graph provides technical support for the quantification of threat intelligence.

(3) To address the problem that the quality of current threat intelligence is uneven and high-quality intelligence is difficult to screen out, a quantitative evaluation method for threat intelligence is proposed. First, the threat intelligence is simply classified; then the threat indicators and CVE information it contains are extracted; finally, the threat intelligence is analyzed from multiple dimensions and quantified according to an evaluation function. Through this method, high-quality threat intelligence can be obtained.

(4) In response to current user needs for threat intelligence analysis, this paper designs and implements a threat intelligence analysis platform based on existing research. It mainly includes data collection, knowledge construction, data storage, threat intelligence quantification, and visualization modules.
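
The extract-then-score steps of item (3) can be sketched as follows. This is an added example, not code from the thesis: the indicator patterns, the three scoring dimensions and their weights are assumptions, since the abstract does not state the actual evaluation function, and the sample reports are constructed.

```python
import re

# Indicator patterns (an assumed, deliberately small set; the domain TLD list is illustrative).
PATTERNS = {
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|example)\b", re.I),
}
# Hypothetical dimension weights; the abstract does not give the thesis's evaluation function.
WEIGHTS = {"cve": 0.4, "diversity": 0.4, "volume": 0.2}

def refang(text):
    """Undo common defanging (hxxp, [.], (.)) so indicators match the patterns."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".")

def extract(text):
    """Return {indicator type: sorted unique values} found in an unstructured report."""
    text, found = refang(text), {}
    for name, pattern in PATTERNS.items():
        values = {m.group(0).upper() if name == "cve" else m.group(0).lower()
                  for m in pattern.finditer(text)}
        if values:
            found[name] = sorted(values)
    return found

def score(found):
    """Combine three assumed dimensions into a quality score in [0, 1]."""
    ioc_types = [t for t in PATTERNS if t != "cve"]
    dims = {
        "cve": 1.0 if "cve" in found else 0.0,  # report ties to a known vulnerability
        "diversity": sum(t in found for t in ioc_types) / len(ioc_types),
        "volume": min(sum(len(v) for v in found.values()), 10) / 10,  # capped count
    }
    return round(sum(WEIGHTS[d] * dims[d] for d in WEIGHTS), 3)

# Constructed sample reports (reserved address and TLD, placeholder CVE id, made-up hash).
RICH = ("Exploitation of CVE-2099-00001 seen from 203[.]0[.]113[.]7; payload at "
        "hxxp://malicious-update[.]example/p.bin, sha256 " + "ab" * 32)
VAGUE = "Hackers are reportedly more active this quarter, stay alert."

if __name__ == "__main__":
    for report in (RICH, VAGUE):
        found = extract(report)
        print(score(found), found)
```

A report with a CVE reference and several indicator types ranks well above a vague one with no extractable indicators, which is the screening effect item (3) aims for.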