Design and Implementation of a Network Security Situation Real-time Monitoring Platform
  • English title: Design and Implementation of Network Security Situation Real-time Monitoring Platform
  • Authors: ZHANG Xiangyi (张相依); HU Wei (胡威); ZHANG Shulin (张书林); GUO Han (郭邯); CHENG Jie (程杰); LI Xianxu (李显旭)
  • Keywords: network and information security; situation awareness; security monitoring
  • Journal (Chinese abbreviation): DXXH
  • Journal (English title): Electric Power Information and Communication Technology
  • Institution: State Grid Information & Telecommunication Branch
  • Publication date: 2019-03-15
  • Publisher: Electric Power Information and Communication Technology
  • Year: 2019
  • Issue: v.17; No.187
  • Language: Chinese
  • Page: DXXH201903005
  • Page count: 7
  • CN: 03
  • ISSN: 10-1164/TK
  • Classification number: 32-38
Abstract
Existing network security protection is mostly based on real-time mirroring of network traffic. The volume of data to process is large and event formats vary widely, which makes effective merging and fusion analysis difficult. In addition, there are many kinds of security devices, and they lack interfaces to one another, so the handling of security events is fragmented and it is hard to respond quickly and effectively from a single unified view. This paper fuses and analyzes multi-source security event data and presents it in a unified display. Taking into account the working characteristics of round-the-clock network security monitoring duty, it uses big-data correlation analysis, switch-state monitoring and scalable vector graphics to achieve a preliminary panoramic display of attacks, which reduces the workload of duty personnel and can effectively support the operation of a round-the-clock monitoring duty model.