Abstract
In recent years, driven by the national Classified Protection of Cybersecurity scheme (网络安全等级保护) and the protection of critical information infrastructure, the security assurance systems of government networks have steadily matured. Against organized, stealthy and persistent cyber attacks, it is increasingly important to build an overall operational capability based on continuous monitoring, dynamic defense and coordinated response. Security monitoring is the first line of defense. To build a security monitoring platform that covers the whole network, every domain and every business system, the key is to solve the hard problems of collecting, fusing, analyzing and visualizing multi-source heterogeneous big data, and thereby to improve the ability to perceive, predict and prevent every risk factor. Starting from the monitoring needs of government networks, this paper proposes a "1+1+N" architecture for a government network security monitoring platform, presents a data bus structure that supports multi-source data collection, integration interfaces and normalization processing, introduces a data correlation analysis model based on multiple analysis engines together with big data fusion analysis techniques, and finally gives a practical case of a government network security monitoring platform.
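As an added illustration, not code from the paper, of the two mechanisms the abstract names (a data bus that normalizes multi-source heterogeneous data, and an analysis engine that correlates the normalized events): two constructed sources, an sshd syslog stream and a JSON IDS alert feed, are mapped onto one event schema, and a single correlation rule is then run across both. The schema fields, the rule thresholds and every log line below are assumptions made for this example.

```python
"""Minimal data bus + correlation engine.

Added example (not the paper's code): shows how heterogeneous records are
normalized into one schema before cross-source correlation. All field names,
record formats and sample log lines are constructed for illustration.
"""
import json
import re
from datetime import datetime, timedelta

# Constructed sample records: (source name, raw record) as the bus would
# receive them from collectors. The cron line is deliberately not an auth
# event, to show that records with no mapping are dropped, not crashed on.
SAMPLE_BATCHES = [
    ("ids", '{"timestamp": "2024-03-01T07:58:30Z", "src_ip": "203.0.113.7", '
            '"dest_ip": "10.0.0.5", "signature": "ET SCAN Potential SSH Scan", "severity": 2}'),
    ("syslog", "2024-03-01T08:00:01Z sshd[1012]: Failed password for admin from 203.0.113.7 port 4411 ssh2"),
    ("syslog", "2024-03-01T08:00:05Z sshd[1012]: Failed password for admin from 203.0.113.7 port 4412 ssh2"),
    ("syslog", "2024-03-01T08:00:09Z sshd[1012]: Failed password for admin from 203.0.113.7 port 4413 ssh2"),
    ("syslog", "2024-03-01T08:00:20Z sshd[1012]: Accepted password for admin from 203.0.113.7 port 4414 ssh2"),
    ("syslog", "2024-03-01T08:01:00Z sshd[1030]: Accepted password for ops from 198.51.100.2 port 5001 ssh2"),
    ("syslog", "2024-03-01T08:01:10Z cron[77]: (root) CMD (run-parts /etc/cron.hourly)"),
]

SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$")
AUTH_RE = re.compile(r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)")


def parse_ts(s):
    """ISO-8601 UTC timestamp ('...Z') -> naive datetime (assumed format)."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize_syslog(line):
    """Map an sshd auth line onto the common schema; None if not an auth event."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    a = AUTH_RE.search(m.group("msg"))
    if not a:
        return None
    return {"ts": parse_ts(m.group("ts")), "source": "syslog", "category": "auth",
            "src_ip": a.group("src"), "user": a.group("user"),
            "outcome": "success" if a.group("result") == "Accepted" else "failure",
            "raw": line}


def normalize_ids(raw):
    """Map a JSON IDS alert onto the common schema; None if malformed."""
    try:
        d = json.loads(raw)
        return {"ts": parse_ts(d["timestamp"]), "source": "ids", "category": "scan",
                "src_ip": d["src_ip"], "user": None, "outcome": None,
                "signature": d.get("signature"), "raw": raw}
    except (ValueError, KeyError, TypeError):
        return None


# The "bus": one parser per source, one schema out, time-ordered.
PARSERS = {"syslog": normalize_syslog, "ids": normalize_ids}


def ingest(batches):
    """Normalize every record it has a parser for; drop the rest; sort by time."""
    events = []
    for source, raw in batches:
        parser = PARSERS.get(source)
        ev = parser(raw) if parser else None
        if ev is not None:
            events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """One analysis engine: a successful login preceded, within `window`, by at
    least `threshold` failures from the same source IP. A prior IDS scan alert
    from that IP (a second source) raises the severity."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["category"] != "auth" or ev["outcome"] != "success":
            continue
        start = ev["ts"] - window
        prior = [e for e in events[:i] if e["ts"] >= start and e["src_ip"] == ev["src_ip"]]
        failures = sum(1 for e in prior if e["category"] == "auth" and e["outcome"] == "failure")
        if failures < threshold:
            continue
        scanned = any(e["category"] == "scan" for e in prior)
        alerts.append({"rule": "bruteforce-then-success", "ts": ev["ts"],
                       "src_ip": ev["src_ip"], "user": ev["user"], "failures": failures,
                       "preceded_by_scan": scanned,
                       "severity": "high" if scanned else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce(ingest(SAMPLE_BATCHES)):
        print(alert)
```

The point of the schema is that the correlation rule never looks at the raw record: it only reads `ts`, `category`, `src_ip` and `outcome`, so a new collector (a firewall, a WAF) plugs in by adding one parser to `PARSERS` and the existing rules apply to it unchanged. Records that no parser accepts are dropped and should in practice be counted, since a silent drop rate is itself a monitoring signal.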
Authors
Liu Bei (刘蓓), Lu Kai (禄凯), Cheng Hao (程浩), Yan Guixun (闫桂勋)
Department of Information & Network Security, State Information Center, Beijing 100045
Source
Journal of Information Security Research (信息安全研究), 2020, No. 6, pp. 491-498 (8 pages)
Keywords
security monitoring
situation awareness
government network
heterogeneous data fusion
big data analysis