Abstract
Big data security analysis methods are generally based on matching malicious behaviour against an existing signature (feature) library. Such methods can only detect known attacks; they cannot analyse or judge new, previously unknown attacks or complex variants of known ones. Using big data analysis techniques, the collected data is refined for its security value, realising a value conversion from collected data to threat information, then to threat knowledge, and finally to threat intelligence, producing high-value threat intelligence that is covert, value-selective, adversarial, predictive, decision-supporting, evidentiary and timely. This paper first analyses the limitations of existing security analysis methods, then describes in detail how the threat intelligence database is constructed, and finally presents a big data security analysis method based on a self-updating threat intelligence database. Security analysis built on such a self-updating database can effectively uncover threats hidden in internet data and strengthen the existing protection capabilities of internet enterprises, so that they hold the initiative of pre-emptive defence in the security contest with attackers.
Authors
HOU Yanfang, WANG Jinhua (Mobile Internet System and Application Security National Engineering Laboratory, Shanghai 201315, China)
Source
Telecommunications Science (《电信科学》)
2018, No. 3, pp. 50-58 (9 pages)
Keywords
threat intelligence database
big data analysis
threat information
threat knowledge
self-update