ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2020, Vol. 57, Issue (10): 2052-2065. doi: 10.7544/issn1000-1239.2020.20200616

Special topic: 2020 Special Topic on Cryptography and Data Privacy Protection Research

• Information Security •

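Overview of Threat Intelligence Sharing and Exchange in Cybersecurity

Lin Yue1,2, Liu Peng2, Wang He1,2, Wang Wenjie2, Zhang Yuqing1,2

  1. 1(School of Cyber Engineering, Xidian University, Xi'an 710071); 2(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408) (liup@nipc.org.cn)
  • Published: 2020-10-01
  • Supported by:
    the National Key Research and Development Program of China (2018YFB0804701)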

Abstract: Emerging threats in cyberspace are endangering the interests of individuals, organizations and governments with complex and changeable attack methods. With traditional network security defenses stretched thin, the threat intelligence sharing and exchange mechanism has brought hope to the protection of cyberspace security. Cybersecurity threat intelligence is a collection of information about what can cause potential and direct harm to organizations and institutions. This information helps organizations and institutions assess the cybersecurity threats they face, and make decisions and build defenses accordingly. The exchange and sharing of threat intelligence can maximize the value of threat intelligence, reduce the cost of intelligence collection and alleviate the problem of information islands, thereby improving the threat detection and emergency response capabilities of all parties involved in the sharing. This article first introduces the concept of cybersecurity threat intelligence and the mainstream threat intelligence sharing standards. It then surveys the literature on threat intelligence sharing and exchange at home and abroad over the past 10 years, and analyzes and summarizes the current state and development trends of threat intelligence sharing and exchange. The article focuses on in-depth analysis from three perspectives: sharing models and mechanisms, the distribution of benefits in the exchange mechanism, and the privacy protection of shared data. The problems in each of the three areas and the related solutions are pointed out, and the advantages and disadvantages of each solution are analyzed and discussed. Finally, future research trends and directions for threat intelligence sharing and exchange are outlined.

Key words: cyber threat intelligence, threat intelligence sharing, benefit distribution mechanism, privacy protection, sharing model
