Abstract
Existing network security defenses mostly rely on real-time mirroring of network traffic. The volume of data to be processed is large and event formats are diverse, which makes effective consolidation and fused analysis difficult. Moreover, security devices come in many types and lack interfaces to one another, so the handling of security events is fragmented and cannot be carried out quickly and effectively from a single unified view. This paper fuses and analyzes multi-source security event data and presents it in a unified display. Combined with the working characteristics of round-the-clock network security monitoring duty, it uses big-data correlation analysis, switching-quantity (on/off) state monitoring and vector graphics to achieve a preliminary panoramic display of attacks, reducing the duty officer's workload and effectively supporting the operation of the round-the-clock monitoring duty model.
The current network protection methods mostly depend on real-time mirroring of network traffic. Due to the large amount of data in various formats, it is difficult to merge and integrate those data effectively. In addition, various kinds of security equipment without appropriate interfaces isolate interrelated security incidents from each other, making it difficult to carry out emergency response efficiently and effectively in an integrated way. This paper innovatively fuses and analyzes multi-source data, displaying them together. Combined with the characteristics of full-time network security monitoring, this paper leverages technologies including big-data association analysis, switching-quantity (on/off state) monitoring and scalable vector graphics to display network attacks comprehensively, which reduces the burden on the watch officer and supports full-time monitoring effectively.
Authors
张相依
胡威
张书林
郭邯
程杰
李显旭
ZHANG Xiangyi; HU Wei; ZHANG Shulin; GUO Han; CHENG Jie; LI Xianxu (State Grid Information & Telecommunication Branch, Beijing 100761, China)
Source
《电力信息与通信技术》
2019, No. 3, pp. 28-34 (7 pages)
Electric Power Information and Communication Technology
Keywords
network and information security
situation awareness
security monitoring