Zhang Haitao (1983- ), male, senior engineer, Network Security Department, China Mobile Group Zhejiang Co., Ltd.; main research interests: threat intelligence, situational awareness, 5G security, etc.
Jiang Yi (1981- ), male, supervisor, Network Security Department, China Mobile Group Zhejiang Co., Ltd.; main research interests: threat intelligence, 5G security, zero trust, situational awareness.
Zhu Shijie (1978- ), male, deputy director, Network Management Center, China Mobile Group Zhejiang Co., Ltd.; main research interests: threat intelligence, 5G security, zero trust, situational awareness.
Chen Qi (1990- ), male, engineer, Network Security Department, China Mobile Group Zhejiang Co., Ltd.; main research interests: threat intelligence, situational awareness, 5G security, etc.
Online publication date: 2022-12
Print publication date: 2022-12-20
Citation: Haitao ZHANG, Yi JIANG, Shijie ZHU, et al. Research and application exploration of threat intelligence system of telecom operators [J]. Telecommunications Science, 2022, 38(12): 121-132. DOI: 10.11959/j.issn.1000-0801.2022293.
Abstract: With the growing asymmetry between network attack and defense in the Internet era, threat intelligence has become one of the important tools for narrowing this gap. Based on an analysis of the state of threat intelligence research at home and abroad, a construction method for a threat intelligence system suited to telecom operators is proposed, comprising six steps: intelligence planning, intelligence production, intelligence analysis, intelligence management, intelligence sharing and intelligence application. On top of this architecture, a multi-source intelligence fusion assessment mechanism is presented, and the technologies and construction methods involved in its four stages, intelligence aggregation analysis, intelligence reputation analysis, intelligence correlation analysis and intelligence aging analysis, are outlined to help telecom operators build an intelligence fusion analysis capability. In addition, principles for intelligence production and synchronous application are given for the intrusion-type and compromise-type intelligence domains, providing a useful reference for telecom operators applying threat intelligence technology to build a security protection system.