Abstract
Starting from an APT incident in a dedicated (private) network, this paper raises the question of how security incidents on the police network should be handled. It then proposes a security incident detection scheme for the police network that draws on big data analysis technology, based on the business characteristics of the police network and its data advantages. The scheme combines the attack process with the characteristics of police business to construct an attack model and a business model, which provide a theoretical basis for identifying anomalous network behaviour. Through the involvement of a manual analysis and judgement mechanism and repeated machine learning training, the data models are continuously refined and optimized, so that unknown risks can be identified and security incidents discovered more accurately, and timely and effective intervention can be carried out.
This paper starts from an APT incident in a private network, which triggers thinking about solutions to security incidents on the police network. Then, according to the business characteristics and the big data advantage of the police network, this paper presents a solution for security incident detection using big data analysis technology. The solution, combining the attack process with business characteristics, constructs the attack model and the business model, which provide an intelligent analysis theory. Through the artificial judgment mechanism and the machine learning process, the data model can be improved and optimized, helping to identify unknown risks and security incidents and enabling early intervention.
Source
《信息网络安全》
2015, No. 9, pp. 245-248 (4 pages)
Netinfo Security
Keywords
police network
big data
attack model
business model
graph database