铁路网络安全态势感知平台方案研究

Research on railway network security situation awareness platform

研究基于大数据的网络安全态势感知技术在铁路行业的应用,使铁路信息网络具有全面感知、主动预警的能力是当前铁路网络安全建设的重点任务之一。为此,需要解决目前由于无法及时监测和感知信息网络中所存在的安全风险而导致的应用系统发展受限问题;解决传统网络安全态势感知平台由于实际网络环境中数据处理量巨大、业务复杂、层次套叠所导致的误报警率高、易遗漏报警等问题。以大数据高速存取为基础,利用人工智能和并行处理等技术优化感知预测算法,提出适于铁路行业应用的网络安全态势感知平台解决方案,并在测试环境中进行测试验证。结果表明:在具有高通量、复杂化特点的铁路信息网络环境中,该解决方案对潜在安全风险的感知和发现能力优于传统网络安全态势感知平台,满足铁路信息网络高通量、高实时性响应要求,有效地降低误报警率,提升了报警质量和水平。

It is one of the key tasks of current railway network security construction to study the application of network security situation awareness technology based on big data in railway so as to endow the railway information network with the ability of comprehensive awareness and proactive early warning.Therefore,it was aimed to solve the lack of timely surveillance and awareness over potential threats that might impose limitations on the development of application systems.Meanwhile,the problems of high false alarm rate and missing alarms due to huge amount of data,complexity of business,hierarchical overlapping existing in traditional situation awareness platform were also dealt with.Based on high-speed access of big data,artificial intelligence and parallel processing technology were used to optimize the perception and prediction algorithm and a solution of network security situation awareness platform suitable for Chinese railways was also put forward.Furthermore,the solution had been tested and verified in a test environment for a month and the results show that this solution is superior to traditional network security situation awareness platform in perceiving and discovering potential security threats in a railway information network environment with the characteristics of high throughput and high complexity,and can effectively reduce the rate of false alarm and improve the quality and level of alarming of the Chinese railway information network with the characteristics of high throughput and rapid real-time response.