Netinfo Security ›› 2016, Vol. 16 ›› Issue (9): 45-50.doi: 10.3969/j.issn.1671-1122.2016.09.009
• Original Article •
Lei GUAN, Guangjun HU, Zhuan WANG
Abstract:
Information security is becoming a big data analysis problem. Starting from the current state of cyberspace security and its defense requirements, this paper analyzes the shortcomings of traditional network security defense systems and the advantages of applying big data technology to network security analysis, and proposes a security situational awareness platform that integrates security data collection, processing and analysis with security risk discovery, monitoring, early warning and prediction. The platform integrates sensing data sources such as user terminals, network links, application systems and data flows; after the converged data is stored, it applies machine intelligence analysis, combining data processing, a security rule model and an attack reasoning model, to convert seemingly unrelated, unordered alarm data and logs into intuitive, visualized security event information. The platform mines threat intelligence from massive data to realize risk discovery, security early warning and situational awareness, enhancing attack detection and situational awareness capabilities in security monitoring. The paper expounds the platform's technology, principles and implementation method from three aspects: multi-source security data collection and storage, threat intelligence data analysis, and situational awareness applications, and describes the system's deployment, trial operation and application conditions.
Key words: situational awareness, big data, threat intelligence, security model, attack reasoning
CLC Number: TP309
Lei GUAN, Guangjun HU, Zhuan WANG. Research on Network Security Situational Awareness Technology Based on Big Data[J]. Netinfo Security, 2016, 16(9): 45-50.
URL: http://netinfo-security.org/EN/10.3969/j.issn.1671-1122.2016.09.009
http://netinfo-security.org/EN/Y2016/V16/I9/45