Practice of Cyberspace Security Map

doi:10.11871/jfdc.issn.2096-742X.2024.01.012

Abstract

Abstract:

[Objective] In the current trend of gradual integration of cyberspace, physical space, and social space, important industry departments have accumulated a large amount of network security data in network security protection. Cyberspace security map warfare driven by Data and Business plays a very significant role in grasping the base number of assets, improving the effectiveness of data governance, and enhancing the effectiveness of network security protection, and can support network security protection and security work in an omni-directional way. [Methods] Driven by the construction of cyberspace security map warfare capability in important industries, this paper proposes an overall technical framework including an element extraction layer, a map design layer, and an intelligent cognitive layer, including entity/relationship extraction technology for threat intelligence information, automatic mapping technology for network assets, network behavior monitoring and modeling technology, intelligent mining and reasoning technology, visual expression technology and other key technical methods. It has been applied at a certain department of the electric power industry. [Results] The technical framework can be used to build a cyberspace geographic map for network security protection services, and support an omni-directional, cross-space network security monitoring and discovery, situation awareness, event handling, and emergency response. [Conclusions] The application of the cyberspace security map based on the network security geographic map has good application value and promotion prospects, and can intuitively display cross-space data, elements, and business relationships. However, it is still necessary to explore new methods and models in the field of business practice to improve the actual combat effectiveness of the cyberspace security map.

Key words: cyberspace security, cyberspace security map, knowledge graph, surveying and mapping technology for cyberspace asset

HU Wei, ZHANG Haixia, XIA Ang, WEI Jiahui, LIAN Yifeng. Practice of Cyberspace Security Map[J]. Frontiers of Data and Computing, 2024, 6(1): 125-135, https://cstr.cn/32002.14.jfdc.CN10-1649/TP.2024.01.012.

Figures/Tables 3

References 22

[1]	冯登国, 连一峰. 网络空间安全面临的挑战与对策[J]. 中国科学院院刊, 2021, 36(10): 1239-1245.
[2]	郭启全, 高春东, 郝蒙蒙, 等. 发展网络空间可视化技术支撑网络安全综合防控体系建设[J]. 中国科学院院刊, 2020, 35(7): 917-924.
[3]	高春东, 郭启全, 江东, 等. 网络空间地理学的理论基础与技术路径[J]. 地理学报, 2019, 74(9): 1709-1722. doi: 10.11821/dlxb201909001
[4]	贾焰, 亓玉璐, 尚怀军, 等. 一种构建网络安全知识图谱的实用方法[J]. Engineering, 2018, 4(1): 117-133.
[5]	王通, 艾中良, 张先国. 基于深度学习的威胁情报知识图谱构建技术[J]. 计算机与现代化, 2018, 280(12): 25-30.
[6]	PINGLE A, PIPLAI A, MITTAL S, et al. RelExt: Relation Extraction using Deep Learning approaches for Cybersecurity Knowledge Graph Improvement[C/OL]// 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), IEEE, 2020, https://ieeexplore.ieee.org/document/9073093.
[7]	TAN C, SUN F, KONG T, et al. A survey on deep transfer learning[C]// International conference on artificial neural networks. Springer, Cham, 2018: 270-279. https://arxiv.org/abs/1808.01974
[8]	DEVLIN J, CHANG M W, LEE K, et al. Bert: Pre-training of deep bidirectional transformers for language understanding[J]. arXiv preprint arXiv:1810.04805, 2018. https://arxiv.org/pdf/1810.04805.pdf
[9]	黄克振. 网络安全威胁感知关键技术研究[D]. 北京: 中国科学院大学, 2021.
[10]	GUNES M H, SARAC K. Resolving IP aliases in building traceroute-based Intemet maps[J]. IEEE/ACM Transactions on Networking(TON), 2009, 17(6): 1738-1751.
[11]	MARCHETTA P'PERSICO V PESCAPIE A. Pythia: yet another active probing technique for alias resolution[C]// The 9th ACM Conference on Emerging Networking Experiments and Technologies, 2013:229-234.
[12]	SHAVITr Y’ZILBERMAN N. Geographical intemet PoP level maps[C]// The International Conference on Traffic Monitoring&Analysis, 2012: 121-124.
[13]	SHAVITT Y’ZILBERMAN N. Improving 1P geolocation by crawling the Intemet PoP level graph[C]// The Conference on WIP Networking, 2013: 1-9.
[14]	CHENG Z, BESHLEY M, BESHLEY H, et al. Development of Deep Packet Inspection System for Network Traffic Analysis and Intrusion Detection[C]. IEEE, 2020: 877-881.
[15]	PAEK Y. Hawkware: network intrusion detection based on behavior analysis with ANNs on an IoT device[C]// 2020 57th ACM/IEEE Design Automation Conference (DAC), ACM, 2020: 1-6.
[16]	李序, 连一峰, 张海霞, 等. 网络安全知识图谱关键技术[J]. 数据与计算发展前沿, 2021, 3(3): 9-18.
[17]	QI Y, JIANG R, JIA Y, et al. Association Analysis Algorithm Based on Knowledge Graph for SPACE-Ground Integrated Network[C]// 2018 IEEE 18th International Conference on Communication Technology (ICCT), IEEE, 2018: 222-226.
[18]	陶源, 黄涛, 李末岩, 等. 基于知识图谱驱动的网络安全等级保护日志审计分析模型研究[J]. 信息网络安全, 2020, 20(1): 46-51.
[19]	HUANG Z, WEI X, KAI Y. Bidirectional LSTM-CRF Models for Sequence Tagging[J]. IEEE Intelligent Systems, 2017, 32(6): 74-80.
[20]	HOUSSEM G, ABDELAZIZ B, JANNIK L. LSTM recurrent neural networks for cybersecurity named entity recognition[C]. The Thirteenth International Conference on Software Engineering Advances, 2018: 1-6.
[21]	黄克振, 连一峰, 冯登国, 等. 一种基于图模型的网络攻击溯源方法[J]. 软件学报, 2022, 33(2): 683-698.
[22]	郭启全, 张海霞. 关键信息基础设施安全保护技术体系[J]. 信息网络安全, 2020 (11): 1-9.