CN109857917A - Security knowledge graph construction method and system for threat intelligence - Google Patents
- Publication number: CN109857917A
- Authority: CN (China)
- Prior art keywords: entity, data, information, module, threat
- Legal status: Granted
- Landscapes: Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The present invention relates to a security knowledge graph construction method and system for threat intelligence. The method comprises the following steps: 1) collecting structured and unstructured threat intelligence data; 2) performing knowledge extraction on the collected structured and unstructured data to obtain threat intelligence entities and the relationships between entities; 3) constructing a graph-based ontology schema in which nodes represent threat intelligence entities and edges represent the relationships between them; 4) according to the graph-based ontology schema constructed in step 3), storing the threat intelligence entities and inter-entity relationships extracted in step 2) in a graph database to form a threat intelligence knowledge graph. The graph database is further used to provide a query service and a visualization function. By applying knowledge graph technology to the threat intelligence field, the invention constructs a security knowledge graph for threat intelligence that fuses dispersed intelligence and improves the ability to analyze threat intelligence.
Description
Technical field
The invention belongs to the field of computer network security and relates to a knowledge graph construction method, and more particularly to a security knowledge graph construction method and system for threat intelligence.
Background
In recent years the cyberspace security environment has grown increasingly complex. As technology advances, the network attacks launched by criminals have become more advanced and more covert; advanced persistent threat (APT) attacks in particular are occurring frequently, and traditional defensive measures can no longer meet current security needs. Against this background, threat intelligence emerged as a new technology. Threat intelligence describes the security entities in cyberspace and the associations among them, provides a basis for decisions in threat response, and has become a cornerstone of next-generation cyberspace security defense. As an emerging field, threat intelligence research is still scattered and preliminary: the means of acquiring intelligence are limited, collection techniques need improvement, analysis capability is lacking, and no unified sharing standard has yet formed.
Since Google proposed the knowledge graph in 2012, knowledge extraction, knowledge fusion and knowledge reasoning have produced many research results, and knowledge graphs play an important role in intelligent question answering, personalized recommendation, intelligence analysis and similar applications. In essence, a knowledge graph is a semantic network. A semantic network stores knowledge in a directed graph structure, in which vertices represent entities and edges represent the semantic relationships between entities. A knowledge graph expresses disordered information as knowledge in entity-relationship form, making resources easier to understand and compute over, and thereby achieving the goal of intelligent semantic search.
Applying knowledge graph technology to the threat intelligence field makes it possible to fuse dispersed threat intelligence, improve the quality of intelligence output, ease the analysis difficulties caused by the explosion of data, mine and use threat intelligence more effectively, and strengthen capabilities in threat intelligence sharing, analysis and utilization.
Summary of the invention
The present invention proposes a security knowledge graph construction method and system for threat intelligence. By applying knowledge graph technology to the threat intelligence field, it addresses problems such as the multi-source, heterogeneous nature of current threat intelligence and weak intelligence analysis capability.
To achieve the above objective, the present invention adopts the following technical solution:
A security knowledge graph construction method for threat intelligence, comprising the following steps:
1) Data collection. Structured and unstructured threat intelligence data are collected, by crawlers and similar means, from sources such as open threat intelligence data sources on the network, security community blogs and security reports, for use in subsequent threat intelligence knowledge extraction.
2) Knowledge extraction. Pattern matching and natural language processing techniques are applied to the collected raw threat intelligence data to extract threat intelligence entities and their relationships, yielding high-quality intelligence knowledge.
3) Ontology construction. With reference to the Structured Threat Information Expression (STIX™) threat intelligence standard and in light of practical conditions, a graph-based ontology schema is proposed in which nodes represent threat intelligence entities and edges represent the relationships between them.
4) Data storage. A graph database is used as the back-end storage solution; the extracted threat intelligence knowledge is converted into a specific format and stored in the graph database, forming an intelligence knowledge graph for subsequent sharing, analysis and utilization.
Further, the graph database is used to provide a query service and a visualization function. Data visualization techniques present the results of analysis and queries intuitively as a graph.
A security knowledge graph system for threat intelligence, comprising a data collection module, a message queue module, an entity extraction module, a relation extraction module, an ontology construction module and a data storage module.
1. Data collection module. Crawler technology is used to collect structured and unstructured threat intelligence data from sources such as open threat intelligence data sources on the network, security community blogs and security reports, and the threat intelligence is sent to the corresponding message queue.
2. Message queue module. The message queue is implemented with RabbitMQ using a topic-type exchange; the collected threat intelligence data is routed to the corresponding extraction module by routing key.
3. Entity extraction module. For structured data, the data schema is interpreted and threat intelligence entities are identified by pattern matching; for unstructured text data, named entity recognition is performed with the Stanford CoreNLP natural language processing toolkit to extract threat intelligence entities.
4. Relation extraction module. For structured data, the data schema is interpreted and the relationships between threat intelligence entities are identified by pattern matching; for unstructured text data, once the threat intelligence entities have been identified, the TokensRegex framework in the Stanford CoreNLP toolkit is used to find text sequences that match specific patterns and extract the relationships between entities.
5. Ontology construction module. With reference to the STIX threat intelligence standard and the industry experience of our research group, a highly extensible graph ontology schema for threat intelligence is constructed; it covers most threat intelligence entities and relationships and serves as the graph database schema.
6. Data storage module. Given the massive volume of data and considerations of system maturity and ease of use, the threat intelligence back end uses the JanusGraph distributed graph database, with the column-oriented database HBase as the JanusGraph storage back end and the built-in JanusGraph Server engine as the server component that interacts with clients; the data storage module stores threat intelligence data by submitting Gremlin statements.
Further, the system also includes a query service module. The query service module serves users through a REST interface: it converts the user's query into the corresponding Gremlin statement, submits it to the HTTP service interface of JanusGraph Server, obtains the execution result, processes it, converts it into the corresponding format and returns it to the front end.
Further, the system also includes a visualization module. The visualization module presents query results intuitively as a graph. The user enters a query keyword in a browser and clicks search, and the visualization module uses a front-end framework such as d3.js to display the threat intelligence entities and relationships on the interface as nodes and edges.
Threat intelligence is an emerging field whose research is still at an early stage, and the knowledge extraction, knowledge fusion and knowledge reasoning techniques involved in knowledge graphs match the needs of threat intelligence for intelligence assessment, asset management, situational awareness, and intelligence fusion and analysis. The present invention applies knowledge graph technology to the threat intelligence field and proposes a security knowledge graph construction method for threat intelligence that fuses dispersed intelligence and also improves the ability to analyze threat intelligence.
Brief description of the drawings
Fig. 1 is the overall flow chart of the security knowledge graph system for threat intelligence of the present invention.
Fig. 2 is the ontology schema diagram defined in the present invention, representing threat intelligence entities and relationships.
Fig. 3 is the entity extraction flow chart of the present invention.
Fig. 4 is the flow chart for extracting relationships between entities in the present invention.
Fig. 5 is the data storage flow chart of the present invention.
Fig. 6 is the query service flow chart of the present invention.
Fig. 7 is a schematic diagram of entity query visualization in the present invention.
Fig. 8 is a schematic diagram of relation query visualization in the present invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the objects, features and advantages of the invention clearer, the technical core of the invention is described in further detail below with reference to the drawings and examples.
The present invention provides a security knowledge graph system for threat intelligence that can effectively solve the problems described above. The system is as follows:
Fig. 1 shows the overall flow of the security knowledge graph system. The data collection module 100 collects threat intelligence data from the network, and the corresponding message queue module 200 routes it to the knowledge extraction modules (the entity extraction module 400 and the relation extraction module 500), which extract threat intelligence entities and relationships from it. The ontology construction module 300 then constructs the graph-based ontology schema, and the data storage module 600 stores the result in the graph database. The query service module 700 and the visualization module 800 provide the query service and the visual presentation.
As shown in Fig. 2, the ontology schema comprises threat intelligence entities and relationships. The entities include AS (autonomous system), Campaign (cyber campaign), Cert (digital certificate), Domain (domain name), Hacker Group (hacker organization), Incident (security incident), IP (network address), Mail (email), Mailbox (email address), Organization (organization), Report (security report), Sample (sample), TTP (tactics, techniques and procedures), URL (web address), User (identity), Vulnerability (vulnerability), and so on. The relationships include use, authorize, resolve, contain, register, host, launch, belong (belongs to), refer (refers to), communicate, target (attack), send, receive, and so on.
As shown in Fig. 3, entity extraction extracts threat intelligence entities from the intelligence data taken from the message queue. Specifically:
Step 410: unstructured text data is processed with the Stanford CoreNLP toolkit, which provides natural language processing services through its built-in Web API server. The first time StanfordCoreNLPClient connects to the server, the server back end initializes the service: it reads the configuration file and loads functions such as tokenization (tokenize), sentence splitting (ssplit), part-of-speech tagging (pos), lemmatization (lemma) and named entity recognition (ner), then reads the defined threat intelligence entity rules and dictionary files. The rules use regular expressions, some of which are shown in Table 1. The server annotates the text submitted by the client, identifies threat intelligence entities, and returns the annotated token sequence.
Table 1. Threat intelligence ontology rules
Step 440: after the client obtains the annotated token sequence, it iterates over the sequence and extracts the text spans labeled with threat intelligence entity labels, which yields the threat intelligence entities.
Step 450: for structured data, data from the same intelligence source usually shares the same data schema. Extraction rules are written separately for intelligence data from different sources; the source is then determined from the routing key and the corresponding extraction interface is used to extract threat intelligence entities.
As shown in Fig. 4, relation extraction follows entity extraction and extracts the relationships between threat intelligence entities from text or sequences. Specifically:
Step 510: for an annotated sequence, a relation pattern file is written in the TokensRegex pattern language, as in Table 2. The TokensRegex pattern language defines patterns over text; it treats text as a sequence of tokens, and patterns are written over tokens. It supports many concepts from standard string regular expressions, such as wildcards and capture groups, with similar syntax. The main difference from standard regular expressions is the syntax for matching a single token. In TokensRegex, a token is represented as a CoreMap (essentially a map from type-dependent keys (Class) to attribute values (Object)), and attributes are matched by specifying a key and the value to match. Each token is written as [<expression>], where <expression> specifies how to match attributes. For example:
[] matches any single token;
[{word:"cat"}] matches a token whose text equals "cat", and can be abbreviated as /cat/;
[{word:/cat|dog/}] matches a token whose text is "cat" or "dog", and can be abbreviated as /cat|dog/;
[{ner:organization}] matches a token whose entity class is organization.
Common attributes in expressions are word (text match), tag (part-of-speech match) and ner (entity match). Common delimiters are: [...] for a token; (...) for a capture group; {...} for an attribute match; /.../ for a string-based regular expression; "..." for a string. A matcher is built from the relation patterns read from the file and finds the relationships between the corresponding entities.
Table 2. Relation patterns
Step 520: iterate over the sequence, find all subsequences that match a relation pattern, and map them to relationships between entities.
Step 530: for structured data, as in entity extraction, the relationships between threat intelligence entities are extracted according to the data schema.
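The flow of steps 410-440 and 510-520 in miniature, as an added Python example that is not the patent's Stanford CoreNLP/TokensRegex code: regex and dictionary rules tag tokens, tagged tokens are collected as entities, and entity-verb-entity token patterns are mapped to ontology relations. The rules, patterns, dictionary entry and sample sentence are constructed for illustration, since Tables 1 and 2 are not reproduced on this page.

```python
import re

# Constructed entity rules (one regex per ontology entity type); not the patent's Table 1.
ENTITY_RULES = [
    ("IP", re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")),
    ("Vulnerability", re.compile(r"CVE-\d{4}-\d{4,}")),
    ("Domain", re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")),
]
# Constructed dictionary entry, standing in for the dictionary file read in step 410.
DICTIONARY = {"ExampleGroup": "Hacker Group"}

# Constructed relation patterns: (subject type, verb regex, object type, ontology relation).
RELATION_PATTERNS = [
    ("Hacker Group", re.compile(r"uses?|used|exploit(?:s|ed)?"), "Vulnerability", "use"),
    ("Domain", re.compile(r"resolve[sd]?"), "IP", "resolve"),
]

# Constructed sample text using documentation-reserved and placeholder values.
SAMPLE_TEXT = ("ExampleGroup uses CVE-0000-0000 and the domain "
               "update.example.net resolves to 192.0.2.10.")


def tag_tokens(text):
    """Step 410: split text into tokens and attach an entity label ('O' = none)."""
    tokens = []
    for raw in text.split():
        word = raw.strip(".,;:()\"'")
        if not word:
            continue
        label = DICTIONARY.get(word, "O")
        if label == "O":
            for name, rule in ENTITY_RULES:
                if rule.fullmatch(word):  # whole token must match, not a substring
                    label = name
                    break
        tokens.append({"word": word, "ner": label})
    return tokens


def collect_entities(tokens):
    """Step 440: loop over the tagged sequence and keep each labeled token once."""
    seen, entities = set(), []
    for tok in tokens:
        item = (tok["ner"], tok["word"])
        if tok["ner"] != "O" and item not in seen:
            seen.add(item)
            entities.append(item)
    return entities


def extract_relations(tokens, patterns=RELATION_PATTERNS, max_gap=2):
    """Steps 510-520: match subject, verb, up to max_gap untagged tokens, object."""
    relations = []
    for i, subj in enumerate(tokens[:-2]):
        for subj_type, verb, obj_type, name in patterns:
            if subj["ner"] != subj_type or not verb.fullmatch(tokens[i + 1]["word"].lower()):
                continue
            for j in range(i + 2, min(i + 3 + max_gap, len(tokens))):
                if tokens[j]["ner"] == obj_type:
                    relations.append((subj["word"], name, tokens[j]["word"]))
                    break
                if tokens[j]["ner"] != "O":
                    break  # a different entity intervenes, so the pattern does not apply
    return relations


if __name__ == "__main__":
    tagged = tag_tokens(SAMPLE_TEXT)
    print(collect_entities(tagged))
    print(extract_relations(tagged))
```
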
As shown in Fig. 5, data storage stores the extracted threat intelligence knowledge in the graph database. Specifically:
Step 610: JanusGraph uses its built-in Gremlin Server to provide the interaction service, by default over WebSocket; a connection to the Gremlin Server service is made with the given host and port to obtain a graph database instance.
Step 620: the graph traversal source GraphTraversalSource is obtained from the graph instance and used to perform graph traversal operations such as create, delete, update and query.
Step 630: a unique key attribute for threat intelligence entities is defined in the JanusGraph graph database schema to constrain the uniqueness of entity objects. When storing an extracted intelligence entity, first query whether the entity exists; if it does not, add the entity; if it does, obtain the entity object and update its attributes.
Step 640: the multiplicity constraint of the relationships between threat intelligence entities is defined in the JanusGraph graph database schema as MULTI, i.e. no multiplicity constraint. Therefore, when storing an extracted relationship between intelligence entities, first query whether the relationship edge exists; if it does not, add the edge; if it does, obtain the edge object and update its attributes.
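The check-then-write logic of steps 630 and 640, as an added Python example that uses an in-memory stand-in for the graph database rather than the patent's JanusGraph code. It shows why the edge existence check matters under MULTI multiplicity, where the database itself accepts parallel edges with the same label between the same two vertices; the class, the feed records and the property names are constructed for illustration.

```python
class ThreatGraph:
    """In-memory stand-in for the graph database (constructed for illustration)."""

    def __init__(self):
        self.vertices = {}  # (label, unique key value) -> property dict
        self.edges = []     # MULTI multiplicity: nothing here prevents parallel edges

    def upsert_entity(self, label, key, **props):
        """Step 630: look up by unique key, then add the entity or update its attributes."""
        vid = (label, key)
        created = vid not in self.vertices
        self.vertices.setdefault(vid, {}).update(props)
        return vid, created

    def add_edge_unchecked(self, src, relation, dst, **props):
        """What a blind write does under MULTI: always appends another edge."""
        self.edges.append({"src": src, "rel": relation, "dst": dst, "props": dict(props)})
        return self.edges[-1]

    def upsert_relation(self, src, relation, dst, **props):
        """Step 640: query for the edge first, then add it or update its attributes."""
        if src not in self.vertices or dst not in self.vertices:
            raise KeyError("both endpoints must be stored before the relation")
        for edge in self.edges:
            if (edge["src"], edge["rel"], edge["dst"]) == (src, relation, dst):
                edge["props"].update(props)
                return edge, False
        return self.add_edge_unchecked(src, relation, dst, **props), True


# Constructed records: two feeds report the same Domain -resolve-> IP relationship.
FEED_RECORDS = [
    {"src": ("Domain", "update.example.net"), "rel": "resolve", "dst": ("IP", "192.0.2.10"),
     "props": {"first_seen": "2018-11-02", "source": "feed-a"}},
    {"src": ("Domain", "update.example.net"), "rel": "resolve", "dst": ("IP", "192.0.2.10"),
     "props": {"last_seen": "2018-12-01", "source": "feed-b"}},
]


def ingest(graph, records, checked=True):
    """Store every record and return (vertex count, edge count)."""
    for rec in records:
        src, _ = graph.upsert_entity(*rec["src"])
        dst, _ = graph.upsert_entity(*rec["dst"])
        if checked:
            graph.upsert_relation(src, rec["rel"], dst, **rec["props"])
        else:
            graph.add_edge_unchecked(src, rec["rel"], dst, **rec["props"])
    return len(graph.vertices), len(graph.edges)


if __name__ == "__main__":
    print("checked:  ", ingest(ThreatGraph(), FEED_RECORDS))
    print("unchecked:", ingest(ThreatGraph(), FEED_RECORDS, checked=False))
```
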
As shown in Fig. 6, the query service mainly provides two interfaces: entity query and relation query. An entity query looks up, by keyword, whether there is a matching entity. A relation query looks up, by entity class and keyword, the entities and relationships directly or indirectly associated with that entity; the number of query paths is limited to at most 100. The query process includes:
Step 710: after the user enters a query keyword, the front end packages the keyword into the parameter format required by the query interface of the query service module, then requests data from the REST interface of the query service.
Step 740: the HTTP interface of Gremlin Server is enabled by modifying the JanusGraph configuration file. The query keyword is packaged into a Gremlin statement and a request is sent to the HTTP service of Gremlin Server, which executes the Gremlin statement in the background and returns the result.
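One way to package the keyword in step 740, as an added Python example that is not the patent's code: the Gremlin text is a fixed template and the user's keyword travels in the `bindings` field of the JSON body posted to the Gremlin Server HTTP endpoint, so it is never spliced into the script. The key property name `name`, the depth cap, the keyword length limit and the entity-query result limit are assumptions; the entity labels and the 100-path limit come from the description above.

```python
import json

# Entity classes of the ontology schema listed for Fig. 2.
ENTITY_LABELS = frozenset({
    "AS", "Campaign", "Cert", "Domain", "Hacker Group", "Incident", "IP", "Mail",
    "Mailbox", "Organization", "Report", "Sample", "TTP", "URL", "User", "Vulnerability",
})
MAX_PATHS = 100        # path limit stated for the relation query
MAX_DEPTH = 3          # assumption: cap on "indirectly associated" hops
KEY_PROPERTY = "name"  # assumption: name of the unique key attribute in the schema

# Fixed script templates; every variable is supplied as a binding at execution time.
# Binding names avoid id/key/label/value, which Gremlin Server reserves.
ENTITY_QUERY = "g.V().has(keyProp, keyword).limit(maxResults).valueMap(true)"
RELATION_QUERY = ("g.V().hasLabel(entityLabel).has(keyProp, keyword)"
                  ".repeat(bothE().otherV().simplePath()).emit().times(depth)"
                  ".path().limit(maxPaths)")


def build_request(kind, keyword, entity_label=None, depth=2, max_paths=MAX_PATHS):
    """Translate a REST query into a Gremlin Server HTTP request body (as a dict)."""
    if not isinstance(keyword, str) or not keyword.strip() or len(keyword) > 256:
        raise ValueError("keyword must be a non-empty string of at most 256 characters")
    limit = max(1, min(int(max_paths), MAX_PATHS))
    if kind == "entity":
        return {"gremlin": ENTITY_QUERY,
                "bindings": {"keyProp": KEY_PROPERTY, "keyword": keyword,
                             "maxResults": limit}}
    if kind == "relation":
        if entity_label not in ENTITY_LABELS:
            raise ValueError("entity class is not part of the ontology schema")
        return {"gremlin": RELATION_QUERY,
                "bindings": {"entityLabel": entity_label, "keyProp": KEY_PROPERTY,
                             "keyword": keyword,
                             "depth": max(1, min(int(depth), MAX_DEPTH)),
                             "maxPaths": limit}}
    raise ValueError("unknown query kind")


def to_http_body(request):
    """Serialize the request for POSTing to the Gremlin Server HTTP interface."""
    return json.dumps(request, ensure_ascii=False)


if __name__ == "__main__":
    print(to_http_body(build_request("relation", "update.example.net", "Domain")))
```
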
As shown in Fig. 7, after the user enters a query keyword in the search box, the threat intelligence entity data is obtained through the query service, a node is drawn with d3.js and displayed on the interface, and the attributes of the entity are shown in the right-hand column.
As shown in Fig. 8, after the user selects a relation query on a node, the threat intelligence entities and relationship data associated with that entity are obtained through the query service, all nodes and edges are drawn with d3.js and displayed on the interface, and the attributes of the selected entity are shown in the right-hand column.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention, not to limit it. Although the invention has been described in detail with examples, those skilled in the art should understand that the technical solution of the invention may be modified or replaced with equivalents without departing from its spirit and scope, and all such modifications fall within the scope of the claims of the present invention.
Claims (10)
1. A security knowledge graph construction method for threat intelligence, characterized by comprising the following steps:
1) collecting structured and unstructured threat intelligence data;
2) performing knowledge extraction on the collected structured and unstructured data to obtain threat intelligence entities and the relationships between entities;
3) constructing a graph-based ontology schema in which nodes represent threat intelligence entities and edges represent the relationships between threat intelligence entities;
4) according to the graph-based ontology schema constructed in step 3), storing the threat intelligence entities and inter-entity relationships extracted in step 2) in a graph database to form a threat intelligence knowledge graph.
2. The method according to claim 1, characterized in that step 1) uses crawlers to collect the structured and unstructured threat intelligence data from open threat intelligence data sources on the network, security community blogs and security reports.
3. The method according to claim 1, characterized in that step 1) sends the collected structured and unstructured threat intelligence data to a message queue, and step 2) performs knowledge extraction on the data in the message queue.
4. The method according to claim 1, characterized in that step 2) performs the knowledge extraction using pattern matching and natural language processing techniques, comprising:
2.1) an entity extraction step: for structured data, interpreting the data schema and identifying threat intelligence entities by pattern matching; for unstructured text data, performing named entity recognition with a natural language processing tool to extract threat intelligence entities;
2.2) a relation extraction step: for structured data, interpreting the data schema and identifying the relationships between threat intelligence entities by pattern matching; for unstructured text data, once the threat intelligence entities have been identified, using a natural language processing tool to find text sequences that match specific patterns and extract the relationships between entities.
5. The method according to claim 1, characterized in that step 3) constructs the graph-based ontology schema according to international standards related to threat intelligence and industry experience.
6. The method according to claim 1, characterized in that step 4) uses the JanusGraph distributed graph database, with the column-oriented database HBase as the JanusGraph storage back end and the built-in JanusGraph Server engine as the server component that interacts with clients, and stores threat intelligence data by submitting Gremlin statements.
7. The method according to claim 1, characterized in that step 4) uses the graph database to provide a query service and a visualization function.
8. The method according to claim 7, characterized in that the query service serves users through a REST interface, converts the user's query into the corresponding Gremlin statement, submits it to the HTTP service interface of JanusGraph Server and obtains the execution result; and the visualization function presents the query result intuitively as a graph: after the user enters a query keyword in a browser and clicks search, the threat intelligence entities and relationships are displayed on the interface as nodes and edges.
9. A security knowledge graph construction system for threat intelligence, characterized by comprising a data collection module, a message queue module, an entity extraction module, a relation extraction module, an ontology construction module and a data storage module;
the data collection module is used to collect structured and unstructured threat intelligence data and send it to the message queue module;
the message queue module is used to receive the structured and unstructured threat intelligence data collected by the data collection module and to route it to the entity extraction module and the relation extraction module;
the entity extraction module is used to extract threat intelligence entities from the structured and unstructured threat intelligence data;
the relation extraction module is used to extract the relationships between entities from the structured and unstructured threat intelligence data;
the ontology construction module is used to construct a graph-based ontology schema in which nodes represent threat intelligence entities and edges represent the relationships between threat intelligence entities;
the data storage module is used to store, according to the graph-based ontology schema constructed by the ontology construction module, the threat intelligence entities extracted by the entity extraction module and the inter-entity relationships extracted by the relation extraction module in a graph database, forming a security knowledge graph for threat intelligence.
10. The system according to claim 9, characterized by further comprising a query service module and a visualization module:
the query service module serves users through a REST interface, converts the user's query into the corresponding Gremlin statement, submits it to the HTTP service interface of JanusGraph Server and obtains the execution result;
the visualization module presents the query result intuitively as a graph: after the user enters a query keyword in a browser and clicks search, the threat intelligence entities and relationships are displayed on the interface as nodes and edges.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811569400.9A CN109857917B (en) | 2018-12-21 | 2018-12-21 | Security knowledge graph construction method and system for threat intelligence |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811569400.9A CN109857917B (en) | 2018-12-21 | 2018-12-21 | Security knowledge graph construction method and system for threat intelligence |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109857917A true CN109857917A (en) | 2019-06-07 |
CN109857917B CN109857917B (en) | 2021-07-13 |
Family
ID=66891770
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811569400.9A Active CN109857917B (en) | 2018-12-21 | 2018-12-21 | Security knowledge graph construction method and system for threat intelligence |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109857917B (en) |
Cited By (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110363586A (en) * | 2019-07-03 | 2019-10-22 | 哈尔滨工业大学(威海) | A kind of man-machine interactive system and its data processing method towards intelligence analysis |
CN110532480A (en) * | 2019-07-15 | 2019-12-03 | 中国科学院信息工程研究所 | It is a kind of to read the knowledge mapping construction method for threatening information to recommend for people and threaten information recommended method |
CN110717049A (en) * | 2019-08-29 | 2020-01-21 | 四川大学 | Text data-oriented threat information knowledge graph construction method |
CN110866057A (en) * | 2019-11-12 | 2020-03-06 | 北京明略软件系统有限公司 | Method and device for realizing data processing, computer storage medium and terminal |
CN110909178A (en) * | 2019-11-22 | 2020-03-24 | 上海交通大学 | System and method for collecting threat information of darknet and associating information |
CN111008284A (en) * | 2019-11-29 | 2020-04-14 | 北京数起科技有限公司 | Method and device for executing atlas analysis and service system thereof |
CN111026874A (en) * | 2019-11-22 | 2020-04-17 | 海信集团有限公司 | Data processing method and server of knowledge graph |
CN111090683A (en) * | 2019-11-29 | 2020-05-01 | 上海勘察设计研究院(集团)有限公司 | Engineering field knowledge graph construction method and generation device thereof |
CN111160749A (en) * | 2019-12-23 | 2020-05-15 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for evaluating information quality and fusing information |
CN111163086A (en) * | 2019-12-27 | 2020-05-15 | 北京工业大学 | Multi-source heterogeneous network security knowledge graph construction and application method |
CN111181959A (en) * | 2019-12-30 | 2020-05-19 | 论客科技(广州)有限公司 | Method and device for constructing threat information knowledge graph based on mail data |
CN111259086A (en) * | 2019-12-31 | 2020-06-09 | 的卢技术有限公司 | Knowledge graph architecture implementation method and system based on cloud computing |
CN111277560A (en) * | 2019-12-24 | 2020-06-12 | 普世(南京)智能科技有限公司 | Safe information acquisition, import and compilation method and system based on high-bandwidth physical isolation unidirectional transmission |
CN111431939A (en) * | 2020-04-24 | 2020-07-17 | 郑州大学体育学院 | CTI-based SDN malicious traffic defense method and system |
CN111552855A (en) * | 2020-04-30 | 2020-08-18 | 北京邮电大学 | Network threat information automatic extraction method based on deep learning |
CN111581397A (en) * | 2020-05-07 | 2020-08-25 | 南方电网科学研究院有限责任公司 | Network attack tracing method, device and equipment based on knowledge graph |
CN111739595A (en) * | 2020-07-24 | 2020-10-02 | 湖南创星科技股份有限公司 | Medical big data sharing analysis method and device |
CN111931935A (en) * | 2020-09-27 | 2020-11-13 | 中国人民解放军国防科技大学 | Network security knowledge extraction method and device based on One-shot learning |
CN112131882A (en) * | 2020-09-30 | 2020-12-25 | 绿盟科技集团股份有限公司 | Multi-source heterogeneous network security knowledge graph construction method and device |
CN112187716A (en) * | 2020-08-26 | 2021-01-05 | 中国科学院信息工程研究所 | Knowledge graph display method for malicious codes in network attack |
CN112269316A (en) * | 2020-10-28 | 2021-01-26 | 中国科学院信息工程研究所 | High-robustness threat hunting system and method based on graph neural network |
CN112307292A (en) * | 2020-10-30 | 2021-02-02 | 中国信息安全测评中心 | Information processing method and system based on advanced persistent threat attack |
CN112307170A (en) * | 2020-10-29 | 2021-02-02 | 首都师范大学 | Relation extraction model training method, relation extraction method, device and medium |
CN112769775A (en) * | 2020-12-25 | 2021-05-07 | 深信服科技股份有限公司 | Threat information correlation analysis method, system, equipment and computer medium |
CN112800243A (en) * | 2021-02-04 | 2021-05-14 | 天津德尔塔科技有限公司 | Project budget analysis method and system based on knowledge graph |
CN112948638A (en) * | 2019-12-11 | 2021-06-11 | 中国移动通信集团海南有限公司 | Map construction method and device, storage medium and computer equipment |
CN113420150A (en) * | 2021-07-06 | 2021-09-21 | 北京信安天途科技有限公司 | Threat intelligence knowledge detection method, device, computing equipment and storage medium |
CN113507486A (en) * | 2021-09-06 | 2021-10-15 | 中国人民解放军国防科技大学 | Method and device for constructing knowledge graph of important infrastructure of internet |
CN113595994A (en) * | 2021-07-12 | 2021-11-02 | 深信服科技股份有限公司 | Abnormal mail detection method and device, electronic equipment and storage medium |
CN113626823A (en) * | 2021-06-29 | 2021-11-09 | 中国科学院信息工程研究所 | Reachability analysis-based inter-component interaction threat detection method and device |
CN113901466A (en) * | 2021-09-17 | 2022-01-07 | 四川大学 | Open-source community-oriented security tool knowledge graph construction method and device |
CN114844681A (en) * | 2022-04-11 | 2022-08-02 | 中国科学院信息工程研究所 | Analysis method, system, electronic device and storage medium based on association diagram |
CN115051843A (en) * | 2022-06-06 | 2022-09-13 | 华北电力大学 | KGE-based block chain threat information knowledge graph reasoning method |
CN115422242A (en) * | 2022-11-07 | 2022-12-02 | 北京微步在线科技有限公司 | Information query method and device |
CN116545740A (en) * | 2023-05-30 | 2023-08-04 | 阿锐巴数据科技(上海)有限公司 | Threat behavior analysis method and server based on big data |
WO2023219738A1 (en) * | 2022-05-12 | 2023-11-16 | Microsoft Technology Licensing, Llc | Networked device discovery and management |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105468605A (en) * | 2014-08-25 | 2016-04-06 | 济南中林信息科技有限公司 | Entity information map generation method and device |
CN106776711A (en) * | 2016-11-14 | 2017-05-31 | 浙江大学 | A kind of Chinese medical knowledge mapping construction method based on deep learning |
CN106815293A (en) * | 2016-12-08 | 2017-06-09 | 中国电子科技集团公司第三十二研究所 | System and method for constructing knowledge graph for information analysis |
US20170278181A1 (en) * | 2016-03-24 | 2017-09-28 | Rajan Shah | System and method for providing financial assistant |
CN107766483A (en) * | 2017-10-13 | 2018-03-06 | 华中科技大学 | The interactive answering method and system of a kind of knowledge based collection of illustrative plates |
- 2018-12-21: CN application CN201811569400.9A, patent CN109857917B, status Active
Non-Patent Citations (2)
Title |
---|
丁振凡: "《Spring3.X编程技术与应用》", 31 August 2013 * |
李曼 等: "高校政府采购与招标投资管理实践与探析", 《试验技术与管理》 * |
Cited By (50)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110363586A (en) * | 2019-07-03 | 2019-10-22 | 哈尔滨工业大学(威海) | A kind of man-machine interactive system and its data processing method towards intelligence analysis |
CN110532480A (en) * | 2019-07-15 | 2019-12-03 | 中国科学院信息工程研究所 | It is a kind of to read the knowledge mapping construction method for threatening information to recommend for people and threaten information recommended method |
CN110532480B (en) * | 2019-07-15 | 2022-06-17 | 中国科学院信息工程研究所 | Knowledge graph construction method for recommending human-read threat information and threat information recommendation method |
CN110717049B (en) * | 2019-08-29 | 2020-12-04 | 四川大学 | Text data-oriented threat information knowledge graph construction method |
CN110717049A (en) * | 2019-08-29 | 2020-01-21 | 四川大学 | Text data-oriented threat information knowledge graph construction method |
CN110866057A (en) * | 2019-11-12 | 2020-03-06 | 北京明略软件系统有限公司 | Method and device for realizing data processing, computer storage medium and terminal |
CN111026874A (en) * | 2019-11-22 | 2020-04-17 | 海信集团有限公司 | Data processing method and server of knowledge graph |
CN110909178A (en) * | 2019-11-22 | 2020-03-24 | 上海交通大学 | System and method for collecting threat information of darknet and associating information |
CN111090683A (en) * | 2019-11-29 | 2020-05-01 | 上海勘察设计研究院(集团)有限公司 | Engineering field knowledge graph construction method and generation device thereof |
CN111008284A (en) * | 2019-11-29 | 2020-04-14 | 北京数起科技有限公司 | Method and device for executing atlas analysis and service system thereof |
CN111090683B (en) * | 2019-11-29 | 2023-12-22 | 上海勘察设计研究院(集团)股份有限公司 | Knowledge graph construction method and generation device thereof in engineering field |
CN112948638A (en) * | 2019-12-11 | 2021-06-11 | 中国移动通信集团海南有限公司 | Map construction method and device, storage medium and computer equipment |
CN112948638B (en) * | 2019-12-11 | 2023-09-05 | 中国移动通信集团海南有限公司 | Map construction method, device, storage medium and computer equipment |
CN111160749B (en) * | 2019-12-23 | 2023-07-21 | 绿盟科技集团股份有限公司 | Information quality assessment and information fusion method and device |
CN111160749A (en) * | 2019-12-23 | 2020-05-15 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for evaluating information quality and fusing information |
CN111277560A (en) * | 2019-12-24 | 2020-06-12 | 普世(南京)智能科技有限公司 | Safe information acquisition, import and compilation method and system based on high-bandwidth physical isolation unidirectional transmission |
CN111163086A (en) * | 2019-12-27 | 2020-05-15 | 北京工业大学 | Multi-source heterogeneous network security knowledge graph construction and application method |
CN111163086B (en) * | 2019-12-27 | 2022-06-07 | 北京工业大学 | Multi-source heterogeneous network security knowledge graph construction and application method |
CN111181959A (en) * | 2019-12-30 | 2020-05-19 | 论客科技(广州)有限公司 | Method and device for constructing threat information knowledge graph based on mail data |
WO2021136314A1 (en) * | 2019-12-30 | 2021-07-08 | 论客科技(广州)有限公司 | Threat intelligence knowledge graph construction method and device based on mail data |
CN111259086A (en) * | 2019-12-31 | 2020-06-09 | 的卢技术有限公司 | Knowledge graph architecture implementation method and system based on cloud computing |
CN111431939B (en) * | 2020-04-24 | 2022-03-22 | 郑州大学体育学院 | CTI-based SDN malicious flow defense method |
CN111431939A (en) * | 2020-04-24 | 2020-07-17 | 郑州大学体育学院 | CTI-based SDN malicious traffic defense method and system |
CN111552855A (en) * | 2020-04-30 | 2020-08-18 | 北京邮电大学 | Network threat information automatic extraction method based on deep learning |
CN111552855B (en) * | 2020-04-30 | 2023-08-25 | 北京邮电大学 | Network threat information automatic extraction method based on deep learning |
CN111581397A (en) * | 2020-05-07 | 2020-08-25 | 南方电网科学研究院有限责任公司 | Network attack tracing method, device and equipment based on knowledge graph |
CN111739595A (en) * | 2020-07-24 | 2020-10-02 | 湖南创星科技股份有限公司 | Medical big data sharing analysis method and device |
CN112187716A (en) * | 2020-08-26 | 2021-01-05 | 中国科学院信息工程研究所 | Knowledge graph display method for malicious codes in network attack |
CN111931935B (en) * | 2020-09-27 | 2021-01-15 | 中国人民解放军国防科技大学 | Network security knowledge extraction method and device based on One-shot learning |
CN111931935A (en) * | 2020-09-27 | 2020-11-13 | 中国人民解放军国防科技大学 | Network security knowledge extraction method and device based on One-shot learning |
CN112131882A (en) * | 2020-09-30 | 2020-12-25 | 绿盟科技集团股份有限公司 | Multi-source heterogeneous network security knowledge graph construction method and device |
CN112131882B (en) * | 2020-09-30 | 2024-02-13 | 绿盟科技集团股份有限公司 | Multi-source heterogeneous network security knowledge graph construction method and device |
CN112269316A (en) * | 2020-10-28 | 2021-01-26 | 中国科学院信息工程研究所 | High-robustness threat hunting system and method based on graph neural network |
CN112307170A (en) * | 2020-10-29 | 2021-02-02 | 首都师范大学 | Relation extraction model training method, relation extraction method, device and medium |
CN112307292A (en) * | 2020-10-30 | 2021-02-02 | 中国信息安全测评中心 | Information processing method and system based on advanced persistent threat attack |
CN112769775A (en) * | 2020-12-25 | 2021-05-07 | 深信服科技股份有限公司 | Threat information correlation analysis method, system, equipment and computer medium |
CN112800243A (en) * | 2021-02-04 | 2021-05-14 | 天津德尔塔科技有限公司 | Project budget analysis method and system based on knowledge graph |
CN113626823A (en) * | 2021-06-29 | 2021-11-09 | 中国科学院信息工程研究所 | Reachability analysis-based inter-component interaction threat detection method and device |
CN113420150A (en) * | 2021-07-06 | 2021-09-21 | 北京信安天途科技有限公司 | Threat intelligence knowledge detection method, device, computing equipment and storage medium |
CN113595994A (en) * | 2021-07-12 | 2021-11-02 | 深信服科技股份有限公司 | Abnormal mail detection method and device, electronic equipment and storage medium |
CN113507486B (en) * | 2021-09-06 | 2021-11-19 | 中国人民解放军国防科技大学 | Method and device for constructing knowledge graph of important infrastructure of internet |
CN113507486A (en) * | 2021-09-06 | 2021-10-15 | 中国人民解放军国防科技大学 | Method and device for constructing knowledge graph of important infrastructure of internet |
CN113901466A (en) * | 2021-09-17 | 2022-01-07 | 四川大学 | Open-source community-oriented security tool knowledge graph construction method and device |
CN114844681A (en) * | 2022-04-11 | 2022-08-02 | 中国科学院信息工程研究所 | Analysis method, system, electronic device and storage medium based on association diagram |
WO2023219738A1 (en) * | 2022-05-12 | 2023-11-16 | Microsoft Technology Licensing, Llc | Networked device discovery and management |
CN115051843A (en) * | 2022-06-06 | 2022-09-13 | 华北电力大学 | KGE-based block chain threat information knowledge graph reasoning method |
CN115422242A (en) * | 2022-11-07 | 2022-12-02 | 北京微步在线科技有限公司 | Information query method and device |
CN115422242B (en) * | 2022-11-07 | 2023-03-10 | 北京微步在线科技有限公司 | Information query method and device |
CN116545740A (en) * | 2023-05-30 | 2023-08-04 | 阿锐巴数据科技(上海)有限公司 | Threat behavior analysis method and server based on big data |
CN116545740B (en) * | 2023-05-30 | 2024-05-14 | 阿锐巴数据科技(上海)有限公司 | Threat behavior analysis method and server based on big data |
Also Published As
Publication number | Publication date |
---|---|
CN109857917B (en) | 2021-07-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109857917A (en) | | Towards the security knowledge map construction method and system for threatening information |
CN110717049B (en) | | Text data-oriented threat information knowledge graph construction method |
CN103631882B (en) | | Semantization service generation system and method based on graph mining technique |
CN110119469A (en) | | A kind of data collection and transmission and method towards darknet |
JP5681041B2 (en) | | Name identification rule generation method, apparatus, and program |
Baumgarten et al. | | User-driven navigation pattern discovery from internet data |
CN113841142B (en) | | Method, apparatus and computer program for providing network security using knowledge graph |
CN109635120A (en) | | Construction method, device and the storage medium of knowledge mapping |
Sun et al. | | Ethereum analysis via node clustering |
CN112765366A (en) | | APT (android Package) organization portrait construction method based on knowledge map |
Jindal et al. | | Construction of domain ontology utilizing formal concept analysis and social media analytics |
CN111611309A (en) | | Interactive visualization method for call ticket data relation network |
CN109783484A (en) | | The construction method and system of the data service platform of knowledge based map |
CN104516954A (en) | | Visualized evidence obtaining and analyzing system |
Ochian et al. | | Big data search for environmental telemetry |
Lv et al. | | A study of bitcoin de-anonymization: graph and multidimensional data analysis |
Ahamed et al. | | An Efficient Mechanism for Deep Web Data Extraction Based on Tree‐Structured Web Pattern Matching |
CN104765763B (en) | | A kind of semantic matching method of the Heterogeneous Spatial Information classification of service based on concept lattice |
CN109344173A (en) | | Data managing method and device, data structure |
CN112003884B (en) | | Method for collecting network assets and retrieving natural language |
Youn et al. | | Research on Cyber IPB Visualization Method based on BGP Archive Data for Cyber Situation Awareness. |
Barrero et al. | | Adapting searchy to extract data using evolved wrappers |
Chen et al. | | Research on ontology-based network security knowledge map |
Grant et al. | | Contextualized semantic analysis of web services |
CN104111965B (en) | | OGC geographic information services based on differential matrix describe vocabulary reduction method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |