將網路威脅情報與多視角分析和雙聚類結合：一種多維視覺化方法;Enhancing Cyber Threat Intelligence (CTI) with Multiple-View Analysis and Biclustering: A Multi-Dimensional Visualization Approach

NCUIR > College of Electrical Engineering & Computer Science > Graduate Institute of Computer Science and Information Engineering > Electronic Thesis & Dissertation > Item 987654321/95794

Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/95794

Title:	將網路威脅情報與多視角分析和雙聚類結合：一種多維視覺化方法;Enhancing Cyber Threat Intelligence (CTI) with Multiple-View Analysis and Biclustering: A Multi-Dimensional Visualization Approach
Authors:	陳光磊;CHEN, GUANG-LEI
Contributors:	資訊工程學系
Keywords:	網路安全;多視圖視覺化;雙聚類;三維視覺化;Cybersecurity;multi-view visualization;Bicluster;3D visualization
Date:	2024-08-13
Issue Date:	2024-10-09 17:17:11 (UTC+8)
Publisher:	國立中央大學
Abstract:	網路威脅情報（CTI）對於理解和減輕網路安全威脅至關重要。本文提出了一種新穎的方法，利用多視角分析和雙聚類技術來增強CTI資料的視覺化和理解。CTI包含各種資料類型，包括妨礙指標（IoCs）和戰術、技術與程序（TTPs），這些資料往往是非結構化和分散的，這使得網路安全專業人員的分析過程變得複雜。我們的方法整合了多視角視覺化和雙聚類技術來應對這些挑戰。多視角視覺化允許從不同的角度審視CTI，例如地理位置、攻擊類型和受影響的資產。通過將資料分成不同的視圖，分析師可以專注於特定方面，而不會被無關的資訊分散注意力，從而降低了複雜性並提高了清晰度。雙聚類技術則根據關係將相關實體分組成子集，將資料轉換為矩陣，揭示不同類型資訊之間的隱藏模式和關聯。為了進一步增強視覺化，我們開發了一個三維視覺化系統，將這些視角和雙聚類結果整合起來，減少資訊過載和線條交叉，這些都可能掩蓋關鍵見解。該系統使網路安全分析師能夠快速解釋和連接複雜的資料點，促進對漏洞和攻擊技術的早期辨識。我們的方法不僅提高了對CTI的理解和應用，還支援動態更新，使其成為一個可擴充的解決方案，以滿足持續的網路安全需求。;Cyber Threat Intelligence (CTI) is essential for understanding and mitigating cybersecurity threats. This paper presents a novel approach that leverages multiple-view analysis and biclustering to enhance the visualization and comprehension of CTI data. CTI contains a variety of data types, including Indicators of Compromise and Tactics, Techniques, and Procedures, which are often unstructured and fragmented, complicating the analysis process for cybersecurity professionals. Our methodology integrates multiple-view visualization with biclustering to address these challenges. Multiple-view visualization allows the examination of CTI from different perspectives, such as geographical locations, types of attacks, and affected assets. By separating data into distinct views, analysts can focus on specific aspects without the distraction of irrelevant information, thus reducing complexity and improving clarity. Biclustering, on the other hand, groups related entities into subsets based on their relationships, transforming the data into matrices that reveal hidden patterns and correlations between different types of information. To enhance the visualization further, we developed a three-dimensional visualization system that integrates these perspectives and biclustering results, minimizing information overload and line crossings that can obscure key insights. This system enables cybersecurity analysts to quickly interpret and connect complex data points, facilitating the early identification of vulnerabilities and attack techniques. Our approach not only improves the understanding and application of CTI but also supports dynamic updates, making it a scalable solution for ongoing cybersecurity needs.
Appears in Collections:	[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

Files in This Item:

File	Description	Size	Format
index.html		0Kb	HTML	12	View/Open

社群 sharing

Loading...