Network Security and Intelligence Analysis Based on Big Data
Published: 2018-05-15 11:38
Topic: big data + network security; Source: 《工程科学与技术》 (Advanced Engineering Sciences), 2017, No. 03
[Abstract]: With the development of IT and communication technology, network environments are becoming more complex, and the adoption of cloud computing and virtualization makes host and network boundaries dynamic and blurred. At the same time, network attacks are frequent, and advanced threats that are covert, persistent and profit-driven are increasing. Traditional network security and intelligence analysis techniques are constrained by single data sources, limited processing capacity and deployment tied to the physical environment, which leaves them unable to adequately acquire, analyze and use threat intelligence, limits their ability to perceive and predict the network security situation, and prevents them from meeting current and future security challenges. Taking the challenges and opportunities that big data technology brings to network security and intelligence analysis as the thread, the authors review the meaning of big data, analyze the difficulties currently facing network security and intelligence analysis, lay out the relationship between big data and security and intelligence analysis, and explain how big data technology changes traditional security analysis methods. Applying big data technology in the security domain has produced big data security analysis, a new approach to security response: by staying close to the characteristics of security data and the goals of security analysis, it applies big data analysis methods and technologies to solve practical problems in network security and intelligence analysis. On the one hand, big data processing technologies (batch processing, stream processing and interactive query) solve the data-processing problems of real-time reconstruction and analysis of high-speed network traffic, analysis and fast retrieval of massive historical log data, and real-time processing and retrieval of massive text data. On the other hand, applying big data technology to security visual analysis, security event correlation and user behavior analysis has produced a series of research branches of big data security analysis, including interactive visual analysis of big data, multi-source event correlation analysis, user and entity behavior analysis, and network behavior analysis, to meet current network security challenges. Big data security analysis has already been applied to APT attack detection, network anomaly detection, network security situation awareness and network threat intelligence analysis. Nevertheless, the network security situation remains serious: effective detection methods for advanced network threats and attacks are lacking; the ability to predict unknown, complex network attacks and threats is insufficient; there is no evaluation system for measuring the results of network security situation assessment, the index systems for assessing the situation of critical assets and of the network as a whole are incomplete, and situation-awareness assessment methods lack specificity; new data sources for network threat intelligence analysis are hard to acquire, threat intelligence sharing standards are missing, and no large-scale, integrated modern threat intelligence center or open, comprehensive threat intelligence service platform has yet been built. To address these problems, research is needed on methods for discovering advanced network threats, predicting complex network attacks, large-scale network security situation awareness, and threat intelligence data collection and sharing, with breakthroughs in key technologies such as early detection of advanced network threats, detection of covert and persistent network communication behavior, network feature extraction based on big data analysis, prediction of advanced network threats from integrated threat intelligence, and collection of non-public network intelligence, so as to strengthen the support that big data gives to network information security and to improve the ability to perceive, warn of and respond to network information security risks.
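As an added example (not code from the paper or its authors), the following Python script shows what two of the research branches named above, multi-source event correlation and user and entity behavior analysis, look like in practice: events from three constructed log sources (VPN authentication, DNS, web proxy) are normalized into one timeline and a stateful per-host rule combines a brute-force login with a DNS lookup and an outbound transfer far above the user's historical baseline. The log formats, thresholds, window size and history values are all assumptions made for the demonstration.

```python
"""Multi-source event correlation over constructed log lines (added example)."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median

# Constructed sample logs; the "<ts> <source> key=value ..." format is hypothetical.
VPN_LOG = """\
2024-03-01T08:00:01 vpn user=alice src=203.0.113.7 result=FAIL
2024-03-01T08:00:05 vpn user=alice src=203.0.113.7 result=FAIL
2024-03-01T08:00:09 vpn user=alice src=203.0.113.7 result=FAIL
2024-03-01T08:00:12 vpn user=alice src=203.0.113.7 result=FAIL
2024-03-01T08:00:15 vpn user=alice src=203.0.113.7 result=OK
2024-03-01T08:10:00 vpn user=bob src=198.51.100.4 result=OK
"""
DNS_LOG = """\
2024-03-01T08:01:00 dns src=203.0.113.7 qname=update.example-cdn.invalid
2024-03-01T08:11:00 dns src=198.51.100.4 qname=mail.example.com
"""
PROXY_LOG = """\
2024-03-01T08:02:00 proxy src=203.0.113.7 dst=update.example-cdn.invalid bytes_out=52000000
2024-03-01T08:12:00 proxy src=198.51.100.4 dst=mail.example.com bytes_out=120000
"""
# Constructed per-user history of daily outbound bytes: the behavioral baseline.
HISTORY = {"alice": [300000, 250000, 410000, 280000],
           "bob": [100000, 150000, 90000, 130000]}


@dataclass
class Event:
    ts: datetime
    source: str
    fields: dict


KV = re.compile(r"(\w+)=(\S+)")


def parse(log: str) -> list:
    """Normalize one source's lines into Event objects with a field dict."""
    events = []
    for line in log.splitlines():
        ts, source, rest = line.split(" ", 2)
        events.append(Event(datetime.fromisoformat(ts), source, dict(KV.findall(rest))))
    return events


def correlate(events, window=timedelta(minutes=15), fail_threshold=3, volume_factor=10.0):
    """Per-source-IP state machine over the merged timeline.

    Rule (assumed for the example): >= fail_threshold VPN failures followed by a
    success within `window`, then a DNS lookup and a proxy transfer to that same
    domain whose volume exceeds volume_factor x the user's median daily outbound
    bytes -> one correlated alert. Each source alone would not fire.
    """
    events = sorted(events, key=lambda e: e.ts)
    fails = defaultdict(deque)   # src ip -> timestamps of recent failures
    session = {}                 # src ip -> (user, login ts, failures) after a suspicious login
    lookups = defaultdict(dict)  # src ip -> {qname: ts}
    alerts = []
    for e in events:
        src = e.fields["src"]
        if e.source == "vpn":
            q = fails[src]
            while q and e.ts - q[0] > window:   # expire failures outside the window
                q.popleft()
            if e.fields["result"] == "FAIL":
                q.append(e.ts)
            elif len(q) >= fail_threshold:     # success after a burst of failures
                session[src] = (e.fields["user"], e.ts, len(q))
                q.clear()
        elif e.source == "dns":
            lookups[src][e.fields["qname"]] = e.ts
        elif e.source == "proxy" and src in session:
            user, login_ts, nfail = session[src]
            if e.ts - login_ts > window:
                continue
            dst, out = e.fields["dst"], int(e.fields["bytes_out"])
            baseline = median(HISTORY.get(user, [out]))   # unknown user: never anomalous
            if dst in lookups[src] and out > volume_factor * baseline:
                alerts.append({"user": user, "src": src, "domain": dst,
                               "failures_before_login": nfail, "bytes_out": out,
                               "baseline": baseline, "login_ts": login_ts.isoformat()})
    return alerts


def run_demo():
    """Correlate the three constructed sources and return the alerts."""
    return correlate(parse(VPN_LOG) + parse(DNS_LOG) + parse(PROXY_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The rule is deliberately conjunctive: the proxy volume alone (which a single-source threshold would flag on any large upload) and the failed logins alone (which happen to legitimate users with a stale password) each produce nothing; only their ordered combination on one host, within one window, against that user's own baseline, yields an alert. In a real stream processor the same state would be keyed and expired by a windowing operator rather than held in process memory.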
[Author affiliation]: Institute of Cyberspace Security, Sichuan University; College of Computer Science, Sichuan University
[Funding]: National Natural Science Foundation of China (61272447)
[CLC number]: TP311.13; TP393.08
Article ID: 1892317
Article URL: https://www.wllwen.com/guanlilunwen/ydhl/1892317.html