Cite this article:
- 王鹏, 戴光祥, 吴鹏一, 彭煊烨, 翟立东. Cyber Threat Intelligence Sharing: Opportunity and Challenge [J]. Journal of Cyber Security, accepted.
- Wang Peng, Dai Guangxiang, Wu Pengyi, Peng Xuanye, Zhai Lidong. Cyber Threat Intelligence Sharing: Opportunity and Challenge [J]. Journal of Cyber Security, accepted.
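Abstract:
As the cyber attack and defense landscape keeps evolving, the traditional security defense model, characterized by stacking security devices and passive defense, can no longer cope with increasingly frequent and highly complex cyber attacks. Threat intelligence solutions characterized by “discovery at one point, sharing across the whole, coordinated response” are receiving growing attention, and intelligence-driven dynamic defense has become the mainstream approach in security operations. It is now an industry consensus that threat intelligence realizes its maximum value only when it is shared widely. To make the fullest use of threat intelligence and to address the information silos and restrictions on information flow that the security field currently faces, the sharing and exchange of threat intelligence has become a research hotspot. Building on earlier surveys of threat intelligence sharing, this paper focuses on the literature and industry results of the past five years. Taking the latest developments into account, it revisits and summarizes the basic concepts of threat intelligence and outlines, from six aspects, the latest work and contributions of academia and industry in the field of threat intelligence sharing. In particular, for the common problems facing threat intelligence sharing, the paper analyzes the nature of each problem in depth, groups the latest research methods and solutions by problem, and compares and summarizes similar methods and solutions in depth. Finally, based on the problem analysis and on the limitations of the research solutions, it looks ahead to future research directions and development trends in threat intelligence sharing, in the hope of providing a reference for future researchers and more effective guidance and suggestions for industry.
Keywords: threat intelligence; intelligence sharing; privacy protection; trust barriers; quality assessment; benefit distribution
DOI: 10.19363/J.cnki.cn10-1380/tn.2025.04.13
Submitted: 2024-01-12; Revised: 2024-02-23
Funding: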

Cyber Threat Intelligence Sharing: Opportunity and Challenge
Wang Peng, Dai Guangxiang, Wu Pengyi, Peng Xuanye, Zhai Lidong
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
With the continuous evolution of the network attack and defense situation, the traditional security defense mode, characterized by stacking security equipment and passive defense, can no longer cope with increasingly frequent and highly complex attacks. Threat intelligence solutions characterized by “one point discovery, global sharing, cooperative linkage” have gradually gained emphasis, and intelligence-driven dynamic defense has emerged as the prevailing method in security operations. It has also become an industry consensus that only wide-scale sharing of threat intelligence can realize its maximum value. To maximize the use of threat intelligence information and to solve the problems of information silos and flow restrictions faced by the security field, there is a pressing need to research the sharing and exchange of threat intelligence. Drawing on previous review articles on threat intelligence sharing, this paper reviews the literature and industry achievements related to threat intelligence sharing over the past five years and combines these findings with the latest developments. It revisits and summarizes the fundamental concepts of threat intelligence and highlights the recent contributions of academia and industry in six specific areas of threat intelligence sharing. In particular, it analyzes in depth the common problems encountered in threat intelligence sharing: it examines the nature of these problems, summarizes the latest research methods and solutions that address them, and compares similar approaches and solutions. Finally, based on the analysis of these problems and the limitations of current research solutions, the paper provides an outlook on future research directions and development trends in threat intelligence sharing, hoping to provide a valuable reference for future researchers and to offer more effective guidance and suggestions for the industry.
Key words: threat intelligence; intelligence sharing; privacy protection; trust barriers; quality assessment; distribution of benefit