Cyber Threat Intelligence Propagation Based on Conformal Prediction

doi:10.3969/j.issn.1671-1122.2020.06.011

Netinfo Security ›› 2020, Vol. 20 ›› Issue (6): 90-95.doi: 10.3969/j.issn.1671-1122.2020.06.011

Previous Articles Next Articles

Cyber Threat Intelligence Propagation Based on Conformal Prediction

ZHANG Yongsheng¹, WANG Zhi²(), WU Yijie², DU Zhenhua³

1. East China Regional Air Traffic Management Bureau, CAAC, Shanghai 200335, China
2. College of Cyber Science, Nankai University, Tianjin 300350, China
3. National Computer Virus Emergency Response Center, Tianjin 300457, China

Received:2020-04-06 Online:2020-06-10 Published:2020-10-21
Contact: WANG Zhi E-mail:zwang@nankai.edu.cn

Abstract

Abstract:

The ability to acquire and utilize unknown threat intelligence is the core competitiveness of the current cyberspace security. The threat intelligence has the characteristics of short-lived, fast mutation, large quantity and so on. Therefore, the detection method based on static threshold cannot fully utilize known threat intelligence. This paper proposes an approach of threat intelligence propagation method based on conformal prediction. By introducing the credibility and confidence from statistical learning, this approach could propagate unknown threat intelligence from known ones with selectable maximum error probability. The experimental results show that the average F1 score of DGA domain names detected by this approach is above 90%, meanwhile, the error rate of DGA domain name after propagation is under 2.5%.

Key words: threat intelligence, malicious domain, domain generation algorithm, conformal prediction

CLC Number:

TP309

ZHANG Yongsheng, WANG Zhi, WU Yijie, DU Zhenhua. Cyber Threat Intelligence Propagation Based on Conformal Prediction[J]. Netinfo Security, 2020, 20(6): 90-95.

Figures/Tables 8

References 10

[1]	WIEM T, HELMI R. A Survey on Technical Threat Tntelligence in the Age of Sophisticated Cyber Attacks[J]. Computer and Security, 2018,72(C):212-233.
[2]	SAMUEL S, DOMINIK T, PATRICK H. FANCI: Feature-based Automated NXDomain Classification and Intelligence [C]//USENIX. The 27th USENIX Security Symposium, August 15-17, 2018, Baltimore, MD, USA. Berkeley: USNIX Association, 2018: 1165-1181.
[3]	ZHANG Y, EGELMAN S, CRANOR L, et al. Phinding Phish: Evaluating Anti-phishing Tools[R]. Pittsburgh, Pennsylvania: CMU, CMU-CyLab-06-018, 2006.
[4]	SAHOO D, LIU C, HOI S C H. Malicious URL Detection Using Machine Learning: a Survey[EB/OL]. https://arxiv.org/pdf/1701.07179.pdf, 2020 -2-12.
[5]	WOODBRIDGE J, ANDERSON H S, AHUJA A, et al. Predicting Domain Generation Algorithms with Long Short-term Memory Networks[EB/OL]. https://arxiv.org/pdf/1611.00791.pdf, 2020 -2-11.
[6]	DAVUTH N, KIM S R. Classification of Malicious Domain Names using Support Vector Machine and Bi-gram Method[J]. International Journal of Security and Its Applications, 2013,7(1):51-58.
[7]	SAXE J, BERLIN K. eXpose: A Character-level Convolutional Neural Network with Embeddings for Detecting Malicious URLs, file paths and registry keys[EB/OL]. https://arxiv.org/pdf/1702.08568.pdf, 2020 -2-11.
[8]	SHI Yong, CHEN Gong, LI Juntao. Malicious Domain Name Detection Based on Extreme Machine Learning[J]. Neural Processing Letters, 2018,48(3):1347-1357.
[9]	HOCHREITER S, SCHMIDHUBER J. Long Short-term Memory[J]. Neural computation, 1997,9(8):1735-1780. URL pmid: 9377276
[10]	ROBERTO J, KUMAR S, SANTANU K D, et al. Transcend: Detecting Concept Drift in Malware Classification Models [C]//USENIX. The 26th USENIX Security Symposium, August 16-18, 2017, Vancouver, BC, Canada. Berkeley: USNIX Association, 2017: 625-642.

Cyber Threat Intelligence Propagation Based on Conformal Prediction

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 10

Related Articles 6

Recommended Articles

Metrics

Comments

[1]	WU Jing, LU Tianliang, DU Yanhui. Generation of Malicious Domain Training Data Based on Improved Char-RNN Model [J]. Netinfo Security, 2020, 20(9): 6-11.
[2]	LUO Zheng, ZHANG Xueqian. A Malicious Domain Name Detection Model Based on S-Kohonen Neural Network Optimized by Evolutionary Thinking Algorithm [J]. Netinfo Security, 2020, 20(6): 82-89.
[3]	GU Zhaojun, REN Yitong, LIU Chunbo, WANG Zhi. Intranet Log Anomaly Detection Model Based on Conformal Prediction [J]. Netinfo Security, 2020, 20(3): 45-50.
[4]	Guotian XU. Generation Algorithm Crack Based on DGA Domain Name of Malicious Program [J]. Netinfo Security, 2017, 17(9): 26-29.
[5]	Lei GUAN, Guangjun HU, Zhuan WANG. Research on Network Security Situational Awareness Technology Based on Big Data [J]. Netinfo Security, 2016, 16(9): 45-50.
[6]	Liping XU, Wenjiang HAO. Analysis and Enlightenment of US Government and Enterprise Cyber Threat Intelligence [J]. Netinfo Security, 2016, 16(9): 278-284.