The invention relates to a threat intelligence-based network threat identification method and identification system. The method includes: after the detection module is started, loading all the threat information updated by the information updating module locally; acquiring the collected and analyzed audit data; matching the audit data with data in a threat intelligence library; analyzing and acquiring threat event information based on risk data through an analysis and display module if the audit data is successfully matched with the data in the threat intelligence library; acquiring and analyzing associated information of possible compromised host events; and counting, analyzing and displaying the relationships between the events. According to the invention, the threat condition of the whole network is analyzed and displayed from two perspectives: threat event information and compromised host events. A compromised host is determined, targeted attacks are accurately recognized, correlation analysis and display are carried out on the threats, the efficiency of processing network attack events is improved, the false alarm rate is low, potential threats can be found, tracing and post-processing of the threat events are greatly facilitated, and attacks possibly occurring in the future are predicted, so that truly valuable attack events are deeply analyzed and found.
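The flow described above (load intelligence locally, match audit data, then view the result as threat events and as compromised hosts) is shown here as an added Python example that is not taken from the patent. The record fields, the intelligence format, the constructed sample data, and the rule that an outbound connection to a C2 indicator marks a possibly compromised host are all assumptions.

```python
from collections import defaultdict

# Constructed threat intelligence library (indicator -> metadata); documentation-range addresses.
INTEL = {
    "203.0.113.7": {"type": "c2", "risk": "high"},
    "198.51.100.9": {"type": "scanner", "risk": "low"},
    "bad.example": {"type": "c2", "risk": "high"},
}

# Constructed audit records: (timestamp, source, destination, direction).
AUDIT = [
    ("2024-01-01T10:00:00", "198.51.100.9", "10.0.0.5", "inbound"),
    ("2024-01-01T10:05:00", "10.0.0.5", "203.0.113.7", "outbound"),
    ("2024-01-01T10:06:00", "10.0.0.8", "bad.example", "outbound"),
    ("2024-01-01T10:07:00", "10.0.0.5", "bad.example", "outbound"),
    ("2024-01-01T10:08:00", "10.0.0.9", "192.0.2.10", "outbound"),
]

def match_audit(audit, intel):
    """Threat-event view: audit records whose remote endpoint is in the library."""
    events = []
    for ts, src, dst, direction in audit:
        remote, local = (dst, src) if direction == "outbound" else (src, dst)
        hit = intel.get(remote)
        if hit:
            events.append({"time": ts, "host": local, "indicator": remote,
                           "direction": direction, **hit})
    return events

def compromised_hosts(events):
    """Host view (assumed rule): internal host initiating traffic to a C2 indicator."""
    hosts = defaultdict(set)
    for e in events:
        if e["direction"] == "outbound" and e["type"] == "c2":
            hosts[e["host"]].add(e["indicator"])
    return dict(hosts)

def correlate(events):
    """Relate events to each other: indicators seen by more than one internal host."""
    by_indicator = defaultdict(set)
    for e in events:
        by_indicator[e["indicator"]].add(e["host"])
    return {ind: sorted(h) for ind, h in by_indicator.items() if len(h) > 1}

if __name__ == "__main__":
    events = match_audit(AUDIT, INTEL)
    print(len(events), "threat events")
    print("possibly compromised:", compromised_hosts(events))
    print("shared indicators:", correlate(events))
```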