Paper title
Active and Passive Collection of SSH key material for cyber threat intelligence
Paper authors
Paper abstract
This paper describes a system for storing historical forensic artefacts collected from SSH connections. The system exposes a REST API in a similar fashion to passive DNS databases, malware hash registries, and SSL notaries, with the goal of supporting incident investigations and monitoring of infrastructure.