基于开源工具集的大数据网络安全态势感知及预警架构

发布时间：2018-05-10 09:08

本文选题：开源工具 + 大数据　；参考：《计算机科学》2017年05期

【摘要】：对信息系统安全防护而言,大数据是一把双刃剑。信息量的巨增使得数据价值密度更小,给APT等攻击行为提供了更好的藏身环境;但大数据处理技术对海量数据的聚合、挖掘和分析又使得准确检测及预测攻击威胁成为可能。为增强信息系统的威胁感知与攻击预警能力,构建大数据威胁处理平台势在必行。基于最新的开源大数据组件集,构建了集数据收集整理、数据存储、离线分析发现、实时关联检测、威胁预警和态势呈现等功能于一体的、支持全流程安全事件处理过程的、完整的网络安全态势感知及预警架构,与现有同类平台架构相比,其具有高可用、可扩展、易部署等特点,且能较好地支持威胁情报的引入。
[Abstract]:For information system security protection, big data is a double-edged sword. The huge increase in the amount of information makes the data value density smaller and provides a better hiding environment for attacks such as APT, but the aggregation, mining and analysis of massive data by big data processing technology make it possible to accurately detect and predict attack threats. In order to enhance the ability of threat perception and attack warning of information system, it is imperative to construct big data threat handling platform. Based on the latest open source big data component set, this paper constructs a collection of data collection and collation, data storage, offline analysis and discovery, real-time association detection, threat warning and situation rendering, and supports the whole process of security event processing. Compared with the existing similar platform architecture, the integrated network security situation awareness and early warning architecture has the characteristics of high availability, extensibility, easy deployment, and can support the introduction of threat intelligence.
【作者单位】：中国人民解放军信息工程大学;数学工程与先进计算国家重点实验室;
【基金】：国家自然科学基金(61501515)资助
【分类号】：TP393.08

【相似文献】