基于多中心许可链的威胁情报共享技术研究

Network security defense based on threat intelligence can enable prompt analysis and prediction of network threat scenarios, formulate network strategies and improve the collaboration in cyberspace for security defense. Sharing of threat intelligence is the core of collaborative security defense. Currently, sharing threat intelligence involves the widespread participation of nations, governments, enterprises and individuals. How to develop mutual trust between these participants is a challenge that has to be addressed. Blockchain provides an effective approach to the development of trust within the distributed environment. By preventing the shared intelligence from being tampered with and ensuring its traceability and privacy, it is shared more actively and efficiently. First, the multi-center, permissioned blockchain based model as well as the optimization of network structure are studied, considering China’s demand for the sharing of threat intelligence. Then, a multi-dimensional consensus parallel mechanism and a smart contract are proposed to facilitate the threat intelligence sharing. Finally, a high-performance permissioned blockchain based verification platform is implemented. In summary, a permissioned blockchain based model and a verification system are proposed in this paper for the sharing of threat intelligence, laying theoretical and technical foundation for China’s network security collaborative defense.

基于威胁情报的网络安全防御可及时分析预判网络威胁态势，制定安全策略，提升网络空间协同安全防御能力。威胁情报共享是协同安全防御的核心。目前的威胁情报共享需要包括国家、政府、企业、个人等不同类型的主体广泛参与。相互信任的共享关系形成是目前威胁情报共享的难题。区块链技术可有效解决分布式环境下信任问题。本课题提出基于区块链技术的威胁情报共享思路，确保共享威胁情报的不可篡改、可追溯、隐私保护等安全属性，提高威胁情报共享积极性和共享效率。首先，针对我国威胁情报共享需求，研究基于多中心许可链的威胁情报共享框架模型及其网络架构优化；其次，设计面向威胁情报共享的多元化共识并行机制，并构建面向威胁情报共享的智能合约；最后，面向威胁情报共享实现高性能许可链验证平台。本课题面向威胁情报共享建立许可链框架模型及其验证验证系统，为我国网络安全协同防御奠定理论基础和提供核心技术支撑。

威胁情报共享是协同安全防御的核心。区块链技术由于其去中心化、分布式、不可篡改性等特点，可以用于构建分布式、多主体参与的威胁情报共享体系。本项目面向多主体威胁情报共享需求，围绕威胁情报共享模型、网络结构、共识机制、智能合约、应用验证等方面展开研究。建立了多用户间威胁情报共享意愿激励和无第三方参与的激励机制，面向应用优化了区块链的共识、智能合约安全机制，提出了基于联盟链-私有链的层次化威胁情报共享网络模型，设计并实现了基于区块链的威胁情报共享原型系统。通过以上工作，本项目发表高水平学术论文8篇，申请中国发明专利6项，培养青年教师1名，博士研究生1名、硕士研究生8名。