Research on Network Security Situational Awareness Technology Based on Big Data

doi:10.3969/j.issn.1671-1122.2016.09.009

Abstract

Abstract:

Information security is becoming a big data analysis problem. Based on the current situation of network space security and defense requirements, this paper analyzes the disadvantages of traditional network security defense system and the advantages of network security analysis using big data technology, and proposes a security situational awareness platform which integrates security data collection, processing, analysis and security risks discovery, monitoring, warning and prejudgment. The platform integrates the user terminals, network links, application systems, data flow and other sensing data sources, and by using machine intelligence analysis technology after storing converged data, combined the analysis algorithms such as data processing, security rule model and attack reasoning model, converts the seemingly unrelated, unordered alarm data and logs into intuitive and visual security event information. The platform mines threat intelligence from massive data, so as to realize the risk discovery, security early warning and situation awareness, enhancing the ability of attack detection and security situation awareness in security monitoring. This paper expounds system platform technology, principle and implementation method from 3 aspects of multi-source security data collection and storage, threat intelligence data analysis and situation awareness application, and describes the system deployment, test run and application conditions.

Key words: situational awareness, big data, threat intelligence, security model, attack reasoning

CLC Number:

TP309

Lei GUAN, Guangjun HU, Zhuan WANG. Research on Network Security Situational Awareness Technology Based on Big Data[J]. Netinfo Security, 2016, 16(9): 45-50.

Figures/Tables 4

References 11

[1]	360企业安全.“云+端+边界+ 联动”下一代安全体系[EB/OL]. ,2016-06-30.
[2]	陈建昌. 大数据环境下的网络安全分析[J].中国新通信,2013(9):13-15.
[3]	韩伟红,隋品波,贾焰.大规模网络安全态势分析与预测系统YHSAS[J].信息网络安全,2012(8):11-14.
[4]	DEAN J, GHEMAWAT S.Map Reduce: Simplified Data Processing on Large Clusters[J]. Communications of the ACM, 2008, 51(1) : 107-113.
[5]	苏忠,林繁,陈厚金,等. 网络安全态势感知系统的构建与应用[J]. 信息网络安全,2014(5):73-77.
[6]	廖晓勇,连一峰,戴英侠. 网络安全检测的攻击树模型研究[J]. 计算机工程与应用,2005,41(34):108-110.
[7]	钟力. 积极主动的网络安全态势感知体系构建[J]. 信息网络安全,2013(10):124-126.
[8]	徐茹枝,常太华,吕广娟.基于时间序列的网络安全态势预测方法的研究[J].数学的实践与认识,2010(12):124-131.
[9]	ZAHARIA M, CHOWDHURY M, DAS T, et al.Fast and Interactive Analytics over Hadoop Data with Spark[J]. USENIX, 2012, 37(4) : 45-51.
[10]	李明桂,肖毅,陈剑锋,等. 基于大数据的安全事件挖掘框架木[J].通信技术,2015,48(3):346-350.
[11]	谭小彬,张勇,钟力. 基于多层次多角度分析的网络安全态势感知[J]. 信息网络安全,2008(11):47-50.

[1]	Zhaoxuan JI, Zhi YANG, Yu SUN, Yiwei SHAN. GPU High Speed Implementation of SHA1 in Big Data Environment [J]. Netinfo Security, 2020, 20(2): 75-82.
[2]	Yongheng XIE, Yubo FENG, Qingfeng DONG, Mei WANG. Research on Data Ingestion Method Based on Deep Learning [J]. Netinfo Security, 2019, 19(9): 36-40.
[3]	Yongcheng DUAN, Yuqing WANG, Xin LI, Le YANG. RSAR-based Random Forest Network Security Situation Factor Extraction [J]. Netinfo Security, 2019, 19(7): 75-81.
[4]	Yi WEN, Xingshu CHEN, Xuemei ZENG, Yonggang LUO. DNS Protocol Restore System for Security Analysis Based on Large-scale Network [J]. Netinfo Security, 2019, 19(5): 77-83.
[5]	Guotian XU, Ming ZHANG. Research on Trie Tree Keyword Fast Matching Algorithm in Network Security Situational Awareness [J]. Netinfo Security, 2019, 19(4): 55-62.
[6]	Tianxiong WU, Xingshu CHEN, Yonggang LUO. Research and Implementation of Application Program Protection Mechanism under Big Data Platform [J]. Netinfo Security, 2019, 19(1): 68-75.
[7]	Ronglei HU, Yanqiong HE, Ping ZENG, Xiaohong FAN. Design and Implementation of Medical Privacy Protection Scheme in Big Data Environment [J]. Netinfo Security, 2018, 18(9): 48-54.
[8]	Xinyang FENG, Jianjing SHEN. A Yarn and NMF Based Big Data Clustering Algorithm [J]. Netinfo Security, 2018, 18(8): 43-49.
[9]	Yuan TAO, Tao HUANG, Mohan ZHANG, Shuilin LI. Research and Development Trend Analysis of Key Technologies for Cyberspace Security Situation Awareness [J]. Netinfo Security, 2018, 18(8): 79-85.
[10]	Lin YOU, Jiahao LIANG. Research on Secure Identity Authentication Based on Homomorphic Encryption and Biometric [J]. Netinfo Security, 2018, 18(4): 1-8.
[11]	Xiuqing LU, Hequn XIAN. A Big Data Integrity Auditing Scheme Based on User Authorization in Cloud Storage [J]. Netinfo Security, 2018, 18(4): 32-37.
[12]	Congdong LV, Zhen HAN. A Security Model of Cloud Computing Based on IP Model [J]. Netinfo Security, 2018, 18(11): 27-32.
[13]	Ben QI, Mengdi WANG. A Method Using Information Gain and Naive Bayes to Extract Network Situation Information [J]. Netinfo Security, 2017, 17(9): 54-57.
[14]	Min GUO, Yingming ZENG, Jinli YAO, Xiaowen DA. The Analysis of Software Behavior Security Based on Big Data Samples [J]. Netinfo Security, 2017, 17(9): 153-156.
[15]	Yang CHEN, Yong WANG, Wei SUN. A YARN-based Smart Grid Big Data Abnormal Detection [J]. Netinfo Security, 2017, 17(7): 11-17.