基于大数据的网络安全态势感知及主动防御技术研究与应用

针对电力信息系统网络安全态势感知及主动防御问题,介绍了网络安全态势感知相关概念及技术。为了监控网络安全态势,研究了利用大数据分析技术开展基于多源日志的网络安全态势感知,提出了态势感知平台部署架构及主动防御模型思想,并将其技术应用于某电力公司网络信息系统环境。通过在公司内外网网络出口部署全流量数据采集分析器,对原始网络流量进行实时采集和存储,并借助大数据可视化分析工具与丰富的数据展示组件,实现对分析结果的多维度图形化直观展现。经实验测试实现了攻击事件及安全态势的实时监控预警,保障了公司信息系统的安全稳定运行。

Research and Application of Network Security Situation Awareness and Active Defense Based on Big Data Technology

In view of the problem of network security situation awareness and active defense of power information system, this paper introduces the related concepts and technologies of network security situational awareness. In order to monitor network security problems, a network security situation awareness technology based on multi-source logging methods by utilizing big data analysis is proposed. The deployment architecture of situation awareness platform and the idea of active defense model are proposed and applied to the information system environment of a certain electric power company. We deployed network traffic security analyzer in the export of company"s internal and external network. It can acquire and storage the original network traffic in real time. By using the big data visualization analysis tool and rich data display component, the realization of the multidimensional graphical visualization of the analysis results is presented. Through the experimental test, it realizes the real-time monitoring and early warning of the attack event and security situation, and guarantees the safe and stable operation of the company''s information system.