Abstract: With the increasing complexity of cyberspace security, attack attribution has become an important challenge for security protection systems. The emergence of threat intelligence provides plentiful data-source support for attack attribution, which makes large-scale attack attribution possible. To realize effective attack attribution, a lightweight framework for threat intelligence sharing and utilization is proposed, based on a structured expression of threat information. It comprises threat intelligence expression, exchange and utilization, which together yield the attack attribution result. Taking C2-related information as a case, we describe the expression, sharing and utilization of threat intelligence and verify the framework. The results show that the framework is practical and can provide a new technical means for attack attribution. In addition, based on our understanding of threat intelligence, several thoughts on the construction of sharing and utilization mechanisms are put forward at the end.
Yang Zeming, Li Qiang, Liu Junrong, Liu Baoxu. Research of Threat Intelligence Sharing and Using for Cyber Attack Attribution [J]. Journal of Information Security Research, 2015, 1(1): 31-36.