Threat intelligence attribution method based on graph attention mechanism

Cited by: 0
Authors
Wang, Ting [1 ,2 ]
Yan, Hanbing [2 ]
Lang, Bo [1 ]
Affiliations
[1] School of Computer Science and Engineering, Beihang University, Beijing
[2] National Computer Network Emergency Response Technical Team, Coordination Center of China, Beijing
Source
Beijing Hangkong Hangtian Daxue Xuebao/Journal of Beijing University of Aeronautics and Astronautics | 2024 / Vol. 50 / No. 07
Keywords
advanced persistent threat organization; attack source tracing; graph attention mechanism; knowledge graph; threat intelligence;
DOI
10.13700/j.bh.1001-5965.2022.0590
Abstract
Threat intelligence correlation analysis has become an effective way to trace the source of cyber attacks. Threat intelligence analysis reports on different advanced persistent threat (APT) organizations were crawled from public threat intelligence sources, and a threat intelligence report classification method based on a graph attention mechanism was proposed. The method detects whether a newly generated threat intelligence analysis report belongs to a known attack organization, so as to facilitate further expert analysis. It designs a threat intelligence knowledge graph, extracts tactical and technical intelligence, mines the attributes of malicious samples, IPs and domain names, constructs a complex network from them, and uses a graph attention neural network to classify the threat intelligence report nodes. Evaluation indicates that the method achieves an accuracy rate of 78% while accounting for the uneven distribution of categories, which effectively serves the purpose of judging the organization to which a threat intelligence report belongs. © 2024 Beijing University of Aeronautics and Astronautics (BUAA). All rights reserved.
Pages: 2293 / 2303
Page count: 10