Haitao ZHANG, Yi JIANG, Shijie ZHU, et al. Research and application exploration of threat intelligence system of telecom operators[J]. Telecommunications science, 2022, 38(12): 121-132.
DOI:
Haitao ZHANG, Yi JIANG, Shijie ZHU, et al. Research and application exploration of threat intelligence system of telecom operators[J]. Telecommunications science, 2022, 38(12): 121-132. DOI: 10.11959/j.issn.1000-0801.2022293.
Research and application exploration of threat intelligence system of telecom operators
With the increasing inequality of network attack and defense in the Internet era
threat intelligence has become one of the important tools to narrow this gap.Based on the analysis of the research status of threat intelligence at home and abroad
a set of construction methods of threat intelligence systems suitable for telecom operators were proposed
including six steps: intelligence planning
intelligence production
intelligence analysis
intelligence management
intelligence sharing and intelligence application.Meanwhile a set of multi-source intelligence fusion assessment mechanisms was presented
and the technologies and methods were systematically expounded involved in the four stages of intelligence aggregation analysis
intelligence reputation analysis
intelligence correlation analysis and intelligence aging analysis
so as to help the telecom operators build the ability of intelligence fusion analysis.At the same time
the principles of intelligence production and synchronous application were given for intrusion and loss intelligence
which provided a useful reference for telecom operators to apply threat intelligence technology to build a security protection system.
关键词
Keywords
references
CNCERT/CC . 2016中国移动互联网发展状况及其安全报告 [R ] . 2016 .
CNCERT/CC . China mobile Internet development and security report [R ] . 2016 .
SUN Z . The attack and defense technology research of advanced persistent threat [D ] . Shanghai:Shanghai Jiao Tong University , 2015 .
TOUNSI W , RAIS H . A survey on technical threat intelligence in the age of sophisticated cyber attacks [J ] . Computers & Security , 2018 , 72 : 212 - 233 .
ZUO X D . New strategic deployment in the legislative dilemma:a review of the U.S.executive order for critical infrastructure protection [J ] . China Information Security , 2013 ( 3 ): 74 - 75 .
ZHAO Y L . A brief talk on “framework for improving critical infrastructure cybersecurity” [J ] . Information Security and Communications Privacy , 2015 ( 5 ): 16 - 21 .
WANG Q X , YANG W . Extraction of threat intelligence entities based on STIX [J ] . Cyberspace Security , 2020 ( 8 ): 86 - 91 .
CASEY E , BACK G , BARNUM S . Leveraging CybOX™ to standardize representation and exchange of digital forensic information [J ] . Digital Investigation , 2015 , 12 : S102 - S110 .
USSATH M , JAEGER D , CHENG F , et al . Pushing the limits of cyber threat intelligence:extending STIX to support complex patterns [C ] // Information Technology:New Generations .[S.l.:s.n. ] , 2016 .
FRANSEN F , SMULDERS A , KERKDIJK R . Cyber security information exchange to gain insight into the effects of cyber threats and incidents [J ] . Elektrotechnik und Informationstechnik , 2015 , 132 ( 2 ): 106 - 112 .
LIN Y , LIU P , WANG H , et al . Overview of threat intelligence sharing and exchange in cybersecurity [J ] . Journal of Computer Research and Development , 2020 , 57 ( 10 ): 2052 - 2065 .
YANG P A , WU Y , SU L Y , et al . Overview of threat intelligence sharing technologies in cyberspace [J ] . Computer Science , 2018 , 45 ( 6 ): 9 - 18 , 26 .