Abstract
The article argues that cyberspace security situational awareness is an important means, and a key development direction, for protecting critical information infrastructure and important information systems. By analyzing the technical characteristics of APT attacks and the security risks of cloud platforms and big data platforms, it concludes that cyberspace security situational awareness must be realized in six respects: visibility, knowability, manageability, controllability, traceability, and early warning. The article surveys the state of the art of cyberspace security situational awareness systems in China and abroad, and analyzes their main functions and key technologies: security data source collection, data analysis, network situation assessment, network threat assessment, and network situation prediction. It concludes that the future trend for such systems is deep integration of big data and artificial intelligence technology, with infrastructure that scales dynamically and can provide accurate predictions and recommendations for defensive response. The article offers useful guidance for the research and development, construction, evaluation, and supervision of cyberspace security situational awareness systems.
Authors
陶源
黄涛
张墨涵
黎水林
TAO Yuan; HUANG Tao; ZHANG Mohan; LI Shuilin (The Third Research Institute of Ministry of Public Security, Shanghai 200031, China; National Engineering Laboratory for Key Technology of Classified Information Security Protection, Beijing 100142, China; Cyber Security Bureau of Ministry of Public Security, Beijing 100741, China; Huazhong University of Science and Technology, Wuhan Hubei 430074, China)
Source
《信息网络安全》
CSCD
Peking University Core Journal
2018, Issue 8, pp. 79-85 (7 pages)
Netinfo Security
Funding
National Key Research and Development Program of China [2018YFB0803503]
Keywords
cyberspace security
situation awareness
cloud computing
big data