基于区块链的威胁情报共享及评级技术研究

随着计算机和网络技术的快速发展,网络安全事件频发,安全漏洞不断,威胁情报的作用和价值越来越大。基于区块链的开放、共识、自治和去中心、去信任、不可篡改、可追溯等特点,提出了通过区块链技术构建威胁情报信息的区块,包括IP地址信息、域名信息、URL信息、安全事件信息、漏洞信息、威胁情报源可信度、威胁情报源贡献率等;并设计了基于区块链的威胁情报共享和评级系统,给出了相应的基于区块链的威胁情报共享方法和评级方法,可以实现及时有效获取及分析出最新、最有价值的威胁情报信息,从而及时进行防护及应急响应,促进整个威胁情报生态的闭环持续有效开展。

Research on threat intelligence sharing and rating technology based on Blockchain

With the rapid development of computer and network technology,cyber security incidents occur frequently and security vulnerabilities are emerging endlessly,so the role and value of threat intelligence are increasing.Based on the characteristics of blockchain such as openness,consensus,autonomy and decentralization,trustlessness,nontampering,and traceability,the paper proposes using blockchain technology to build blocks of threat intelligence information,including IP address information,domain name information,URLs Information,security incident information,vulnerability information,threat intelligence source credibility,threat intelligence source contribution rate,etc.A threat intelligence sharing and rating system based on blockchain is designed in the paper,and the corresponding threat intelligence sharing method and rating method based on blockchain are given.It can acquire and analyze the latest and most valuable threat intelligence information timely and effectively,so as to perform protection and emergency response timely,and promote the continuous and effective development of the closed loop of the entire threat intelligence ecosystem.