基于知识库的配网网络化下系统全过程安全态势识别方法

The Whole Process Security Situation Identification Method of Distribution Network System Based on Knowledge Base

为了提升配网网络系统安全态势识别的精度与时效性,研究基于知识库的配网网络化下系统全过程安全态势识别方法。运用多源异构传感器采集配网网络系统环境中的安全设备、交换设备及主机等各类异构信息,对所采集的信息进行同步、格式化、剔除及约简等处理后,采用多源数据融合算法,依据融合规则融合数据,将所得最优融合结果存储于知识库内,完成配网网络化指令知识库的构建;依据该知识库内的安全态势要素生成系统安全态势,通过所生成的系统评估当前配网网络系统全过程安全态势,实现配网网络化下系统全过程安全态势的识别。结果表明,该方法可呈现实际配网网络系统的安全态势演化状况,精准识别配网网络系统所遭受的攻击数目,识别时效性较高,可应对配网网络系统及时防御攻击的实时性需求,为网络管理员及时觉察与抵御网络攻击奠定基础。

In order to improve the accuracy and timeliness of security situation recognition of distribution network system,the whole process security situation recognition method of distribution network command system based on knowledge base is studied.The multi-source heterogeneous sensors are used to collect various kinds of heterogeneous information such as security equipment,switching equipment and host in the distribution network system environment.After the collected information is synchronized,formatted,eliminated and reduced,the multi-source data fusion algorithm is used to fuse the data according to the fusion rules,and the optimal fusion results are stored in the knowledge base to complete the distribution network networking instruction knowledge According to the security situation elements in the knowledge base,the system security situation is generated,and the whole process security situation of the current distribution network system is evaluated by the generated system,and the whole process security situation of the distribution network system is identified.The results show that the method can present the evolution of the security situation of the actual distribution network system,accurately identify the number of attacks suffered by the distribution network system,and the identification timeliness is high.It can meet the real-time demand of the distribution network system to timely defense against attacks,and lay a foundation for network administrators to timely detect and resist network attacks.