Abstract
To address the problems of fragmented natural resources information management, weak network security defense capability, and difficulty in tracing threat attack behaviour back to its source, this study builds a security protection system in the Natural Resources Cloud to integrate network security resources, strengthen network security situational awareness, and achieve agile attack prediction and rapid backtracking. The key to improving the working efficiency of the protection system lies in improving the association rule algorithm in the detection engine module of its security component. First, in the data collection stage, preprocessing converts threat alarm data into a standard, machine-processable data format; second, in the matrix calculation stage, the MapReduce distributed computing framework is used to improve the processing efficiency of frequent itemsets; finally, taking the Apriori algorithm as the blueprint, the algorithm is improved through three measures: locking the range of frequent k-itemsets in a single scan, matrix-vector inner product computation, and reducing the generation of redundant candidate itemsets. Simulation experiments show that, when processing multi-source network security datasets of the same size under association rule matrices of the same dimension, the processing efficiency of this algorithm is more than 3 times that of the classic Apriori algorithm; as the instantaneous volume of the input dataset grows, the time complexity of this algorithm remains stable and is less than half that of the incremental mining algorithm. The results can move the network security protection work of the Ministry of Natural Resources from the traditional state of "passively taking hits" to a new situation of "active defense".
According to the "Overall Informatization Construction Plan of the Ministry of Natural Resources" issued by the Ministry of Natural Resources, there is a need to enhance security protection measures for the external network of natural resources. This includes further improving the protection and construction of security management centers, secure computing environments, secure communication networks, secure area boundaries, and enhancing capabilities related to trusted verification, data security, active defense, security detection, notification and early warning, and emergency response. A security protection system has been established in the Natural Resources Cloud to integrate network security resources and enhance network security situational awareness capabilities. This addresses issues such as decentralized management of security resources, weak network security defense capabilities, and challenges in tracking and tracing threat attacks by the Ministry of Natural Resources. The goal is to achieve agile attack prediction and fast backtracking. To improve the work efficiency of the security protection system, the association rule algorithm in its security component detection engine module is enhanced. The improved algorithm initially converts threat alarm data into a standard machine-processable format during the data collection stage. Secondly, in the matrix calculation phase, the MapReduce distributed computing framework is used to improve the processing efficiency of frequent itemsets. Finally, three measures were taken to improve the algorithm based on the Apriori algorithm, including locking the range of frequent k-term sets in a single scan, matrix vector inner product operation, and reducing the generation of redundant candidate sets. Following the algorithm improvement, it is encapsulated in the algorithm engine component of the Natural Resource Cloud detection engine module, further enhancing the security protection capability of the Natural Resources Department. Experimental simulations indicate that the improved algorithm enha
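As an added illustration, and not code from the paper, the three measures the abstract lists can be sketched in Python on a boolean alert matrix: item-column products give itemset support, the support count is summed over row shards in MapReduce fashion, one scan of the row sums bounds k, and candidates with an infrequent subset are pruned before they are counted. The alert records and the `shards` split are constructed assumptions.

```python
import numpy as np
from itertools import combinations

# Constructed sample threat alerts (not real data): each alert is a transaction
# of attribute items (source host, targeted service, alert signature).
ALERTS = [
    {"src:hostA", "dst:ssh", "sig:bruteforce"},
    {"src:hostA", "dst:ssh", "sig:bruteforce"},
    {"src:hostA", "dst:ssh", "sig:scan"},
    {"src:hostB", "dst:http", "sig:sqli"},
    {"src:hostA", "dst:http", "sig:sqli"},
    {"src:hostB", "dst:ssh", "sig:bruteforce"},
]

def to_matrix(alerts):
    # Boolean transaction matrix: one row per alert, one column per item
    items = sorted(set().union(*alerts))
    M = np.array([[item in a for item in items] for a in alerts], dtype=np.uint8)
    return items, M

def support(M, cols, shards=2):
    # Map: each row shard ANDs the chosen item columns (a 0/1 inner product)
    # and counts matching rows; Reduce: sum the partial counts.
    partial = (np.bitwise_and.reduce(part[:, cols], axis=1).sum()
               for part in np.array_split(M, shards))
    return int(sum(partial))

def frequent_itemsets(alerts, min_support):
    items, M = to_matrix(alerts)
    # One scan of the row sums bounds k: no frequent itemset is longer than
    # the longest alert, so candidate generation stops there.
    k_max = int(M.sum(axis=1).max())
    L = {frozenset([i]) for i in range(len(items)) if support(M, [i]) >= min_support}
    result, k = {}, 1
    while L and k <= k_max:
        for s in L:
            result[frozenset(items[i] for i in s)] = support(M, sorted(s))
        k += 1
        # Join (k-1)-itemsets, then drop any candidate with an infrequent
        # (k-1)-subset (Apriori property) before it is ever counted.
        cand = set()
        for a, b in combinations(L, 2):
            u = a | b
            if len(u) == k and all(frozenset(t) in L for t in combinations(u, k - 1)):
                cand.add(u)
        L = {c for c in cand if support(M, sorted(c)) >= min_support}
    return result
```

With `min_support=2` the run reports the recurring (hostA, ssh, bruteforce) combination as a frequent 3-itemset while the single scan alert never enters a candidate.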
Authors
李佳临
邬阳
魏奇
赵雯雯
李芳芳
陈卉
LI Jialin; WU Yang; WEI Qi; ZHAO Wenwen; LI Fangfang; CHEN Hui (Information Center of Ministry of Natural Resources of the People's Republic of China, Beijing 100812, China)
Source
Journal of Spatio-temporal Information (《时空信息学报》)
2024, No. 1, pp. 140-147 (8 pages)
Funding
Natural Resources Informatization Operation and Maintenance Project (121101000000180042).