信息网络安全 (Netinfo Security) ›› 2016, Vol. 16 ›› Issue (9): 45-50. doi: 10.3969/j.issn.1671-1122.2016.09.009


Research on Network Security Situational Awareness Technology Based on Big Data

Lei GUAN, Guangjun HU, Zhuan WANG

  1. The First Research Institute of the Ministry of Public Security, Beijing 100048, China
  • Received: 2016-07-25  Online: 2016-09-20  Published: 2020-05-13
  • Author biographies: Lei Guan (born 1982), male, from Henan; engineer, master's degree; main research area: information security. Guangjun Hu (born 1980), male, from Shanxi; associate research fellow, PhD; main research area: information security. Zhuan Wang (born 1986), male, from Jiangsu; engineer, master's degree; main research area: information security.

Abstract:

Information security is becoming a big data analysis problem. Starting from the current cyberspace security situation in China and its defence requirements, this paper analyses the shortcomings of the traditional network security defence system and the advantages of applying big data technology to network security analysis, and on that basis proposes a security situational awareness platform that integrates security data collection, processing and analysis with security risk discovery, monitoring, alerting and prediction. The platform integrates the sensing data sources within a security zone, including user terminals, network links, application systems and data traffic. After these data are aggregated and stored centrally, machine intelligence analysis techniques, combined with analysis algorithms such as data processing, security rule models and attack reasoning models, convert seemingly unrelated and disordered security logs and alert data into intuitive, visualised security event information and mine threat intelligence from the massive data set, so as to achieve risk discovery, security early warning and situational awareness and to improve the attack-detection and situational-awareness capability of security monitoring. The paper describes the technology, principles and implementation of the platform at three levels: aggregation and storage of multi-source security data, threat-intelligence-oriented big data analysis, and situational awareness applications. It also reports on the deployment, trial operation and application of the system.
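The three layers the abstract describes (aggregation of multi-source security data, rule-model analysis, and attack reasoning that turns scattered logs into security events and threat indicators) can be seen end to end in the following small pipeline. This is an added illustration written for this page, not code from the paper's platform; every log line, log format, regular expression, field name, threshold and the assumed attack-stage order are constructed assumptions.

```python
"""Added example, not code from the paper: a minimal situational-awareness
pipeline (multi-source aggregation -> rule models -> attack reasoning ->
security events and threat indicators). All inputs and thresholds are assumed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs from three sensors (firewall, IDS, SSH auth).
FIREWALL_LOGS = [
    "2016-09-20T10:00:01 fw DROP src=203.0.113.7 dst=192.0.2.10 dport=21",
    "2016-09-20T10:00:02 fw DROP src=203.0.113.7 dst=192.0.2.10 dport=23",
    "2016-09-20T10:00:03 fw DROP src=203.0.113.7 dst=192.0.2.10 dport=80",
    "2016-09-20T10:00:05 fw ACCEPT src=203.0.113.7 dst=192.0.2.10 dport=22",
    "2016-09-20T10:00:06 fw ACCEPT src=198.51.100.4 dst=192.0.2.10 dport=443",
]
IDS_LOGS = [
    '2016-09-20T10:00:04 ids alert sig="SCAN Nmap TCP" src=203.0.113.7 dst=192.0.2.10',
]
AUTH_LOGS = [
    "2016-09-20T10:01:10 sshd Failed password for root from 203.0.113.7 port 51000",
    "2016-09-20T10:01:11 sshd Failed password for root from 203.0.113.7 port 51001",
    "2016-09-20T10:01:12 sshd Failed password for admin from 203.0.113.7 port 51002",
    "2016-09-20T10:01:40 sshd Accepted password for admin from 203.0.113.7 port 51010",
    "2016-09-20T10:02:00 sshd Accepted publickey for ops from 198.51.100.4 port 40000",
]

# Layer 1: collection. Each (assumed) sensor format is parsed into one common
# event schema and merged into a single time-ordered stream.
FW_RE = re.compile(r"^(\S+) fw (DROP|ACCEPT) src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r'^(\S+) ids alert sig="([^"]+)" src=(\S+) dst=(\S+)$')
AUTH_RE = re.compile(r"^(\S+) sshd (Failed|Accepted) \S+ for (\S+) from (\S+) port \d+$")

def event(ts, src, dst, sensor, kind, **extra):
    return dict(ts=datetime.fromisoformat(ts), src=src, dst=dst,
                sensor=sensor, kind=kind, **extra)

def normalize(fw_lines, ids_lines, auth_lines):
    events = []
    for m in filter(None, map(FW_RE.match, fw_lines)):
        ts, action, src, dst, dport = m.groups()
        events.append(event(ts, src, dst, "fw", "fw_" + action.lower(), port=int(dport)))
    for m in filter(None, map(IDS_RE.match, ids_lines)):
        ts, sig, src, dst = m.groups()
        events.append(event(ts, src, dst, "ids", "ids_alert", sig=sig))
    for m in filter(None, map(AUTH_RE.match, auth_lines)):
        ts, result, user, src = m.groups()
        events.append(event(ts, src, "localhost", "auth", "auth_" + result.lower(), user=user))
    return sorted(events, key=lambda e: e["ts"])

# Layer 2: security rule model. Per-source counters turn raw events into
# findings; the thresholds are assumptions chosen for the sample data.
def apply_rules(events, scan_ports=3, failed_logins=3):
    dropped_ports, failures = defaultdict(set), defaultdict(int)
    findings = defaultdict(list)            # src -> [(ts, finding, sensor)]
    for e in events:
        src, kind = e["src"], e["kind"]
        if kind == "fw_drop":
            dropped_ports[src].add(e["port"])
            if len(dropped_ports[src]) == scan_ports:
                findings[src].append((e["ts"], "port_scan", "fw"))
        elif kind == "ids_alert":
            findings[src].append((e["ts"], "ids:" + e["sig"], "ids"))
        elif kind == "auth_failed":
            failures[src] += 1
            if failures[src] == failed_logins:
                findings[src].append((e["ts"], "brute_force", "auth"))
        elif kind == "auth_accepted":
            findings[src].append((e["ts"], "login:" + e["user"], "auth"))
    return findings

# Layer 3: attack reasoning model. Findings from one source that follow the
# assumed stage order inside a time window become one incident, and the
# source address is extracted as a threat indicator.
KILL_CHAIN = ("port_scan", "brute_force", "login")

def reason(findings, window_s=600):
    incidents = []
    for src, items in findings.items():
        stage, first_ts, evidence = 0, None, []
        for ts, name, sensor in sorted(items):
            if not name.startswith(KILL_CHAIN[stage]):
                continue                     # not the next expected stage (e.g. the IDS alert)
            first_ts = first_ts or ts
            evidence.append((name, sensor))
            stage += 1
            if stage == len(KILL_CHAIN):
                if (ts - first_ts).total_seconds() <= window_s:
                    incidents.append(dict(src=src, start=first_ts, end=ts, severity="high",
                                          sensors=sorted({s for _, s in evidence}),
                                          evidence=evidence))
                break
    return incidents

def analyze(fw_lines, ids_lines, auth_lines):
    """Run all three layers; return events seen, incidents and indicators."""
    events = normalize(fw_lines, ids_lines, auth_lines)
    incidents = reason(apply_rules(events))
    return dict(events=len(events), incidents=incidents,
                indicators=sorted({i["src"] for i in incidents}))

if __name__ == "__main__":
    for i in analyze(FIREWALL_LOGS, IDS_LOGS, AUTH_LOGS)["incidents"]:
        chain = " -> ".join(f"{n}[{s}]" for n, s in i["evidence"])
        print(f"{i['severity'].upper()} {i['src']} {i['start']:%H:%M:%S}-{i['end']:%H:%M:%S}: {chain}")
```

On the constructed sample, `analyze` reduces eleven lines from three unrelated sensors to one high-severity incident for 203.0.113.7 (port scan, then password brute force, then a successful `admin` login, 97 seconds apart) and one threat indicator, while the benign 198.51.100.4 traffic produces nothing. The point is the layering: parsers are the only sensor-specific code, rules work on the common schema, and the reasoning model is what makes cross-sensor evidence visible as a single event rather than three isolated alerts.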

Key words: situational awareness, big data, threat intelligence, security model, attack reasoning
