Indicators of Compromise (IoCs) are commonly represented in machine-readable formats, which makes them easy to integrate into security devices and monitoring mechanisms; they are therefore the type of threat intelligence most widely used by organizations. Over time, however, IoCs become increasingly unreliable: an IP address once used by attackers may become legitimate, and continuing to block it can result in false positives. In practice, there is no standard or mechanism for determining the blocking timeliness of an IoC. This study therefore takes IP addresses as an example and designs a practical, automated optimization model for the blocking timeliness of IoCs, conducting multiple experiments to find the best solution for the model. The designed optimization model achieves a high accuracy of 94.4% and a high recall of 97.2%, so that organizations can use it to effectively eliminate IoCs whose blocking timeliness has expired.

Keywords: Cyber Threat Intelligence, Indicators of Compromise, Expiration Date, Blocking Timeliness