Journal of Information Security Research ›› 2023, Vol. 9 ›› Issue (10): 932-.

• Special Topic on Vulnerability Mining and Threat Detection •

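Survey of Intelligent Vulnerability Mining and Cyberspace Threat Detection

Liu Baoxu 1,2,3,4, Li Hao 1,2, Sun Yujie 1,2, Dong Fangming 1,2, Sun Tianqi 1,2, Chen Xiao 1,2

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
  3. Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing 100195
  4. Beijing Key Laboratory of Network Security and Protection Technology, Beijing 100195
  • Online: 2023-10-17 Published: 2023-10-27
  • Corresponding author: Liu Baoxu, PhD, research professor. Main research interests: network security attack and defense, network security assessment technology. liubaoxu@iie.ac.cn
  • About the authors:
    Liu Baoxu, PhD, research professor. Main research interests: network security attack and defense, network security assessment technology. liubaoxu@iie.ac.cn
    Li Hao, PhD candidate. Main research interest: cyber threat detection. lihao@iie.ac.cn
    Sun Yujie, PhD candidate. Main research interests: static program analysis, vulnerability detection. sunyujie@iie.ac.cn
    Dong Fangming, PhD candidate. Main research interests: cyber threat intelligence, security situational awareness. dongfangming@iie.ac.cn
    Sun Tianqi, master's student. Main research interest: software supply chain security. suntianqi@iie.ac.cn
    Chen Xiao, PhD candidate. Main research interest: malware analysis. chenxiao1998@iie.ac.cn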

Abstract: The threats facing cyberspace are growing increasingly serious, and a large body of research focuses on cyberspace security defense techniques and systems. Vulnerability mining techniques can be applied before a network attack occurs to find and patch vulnerabilities in time, reducing the risk of intrusion, while threat detection techniques can be applied during and after a network attack, so that threats are discovered and responded to promptly, reducing the harm and loss caused by intrusion. This paper analyzes and summarizes research on vulnerability mining and cyberspace threat detection based on intelligent methods. For intelligent vulnerability mining, current research progress is summarized by application category in combination with artificial intelligence techniques: vulnerability patch identification, vulnerability prediction, code comparison, and fuzz testing. For cyberspace threat detection, current research progress is summarized by the information carrier involved in threat detection: network traffic, host data, malicious files, and cyber threat intelligence.

Key words: artificial intelligence, cyberspace security, network attack, threat detection technology, vulnerability mining
