Journal: 《通信技术》 (Communications Technology)

Automatic Generation of Indicators of Compromise for Threat Intelligence

Abstract

To counter increasingly complex attacks, convenient sharing and exchange of security intelligence has become the key issue in detecting, responding to and preventing attacks against specific targets. Building on threat intelligence shared at home and abroad and on the OpenIOC framework, this work acquires massive volumes of shared threat intelligence data in real time, then crawls, parses and classifies it. Threat behavior is detected and analyzed on a sandbox-based malware analysis platform (Cuckoo), and machine learning algorithms are finally used to automatically generate machine-readable, shareable IOC (indicator of compromise) files, making a rapid response to the latest widely prevalent attacks possible.
