摘要
态势感知概念最早来自于美国空军,是对战场周围环境信息进行分析,对战场趋势进行判断并做出决策。工业网络安全态势感知,是对引起安全问题的工业网络环境因素信息进行采集、处理、评价和预测,采取可视化手段展示分析结果,以防止网络瘫痪和工业数据信息泄漏。数据挖掘是对海量数据信息进行识别与提取,用来获取到更有价值的数据信息,通过数据挖掘来准确、高效地从工业网络中发现威胁态势,有利于提升工业网络的抗干扰能力。介绍了数据挖掘技术的概念、算法、挖掘办法等因素,基于特征相似度的多源报警冗余消除进行研究,对网络情况进行检测、评估与预测,为工业网络安全防御提供依据。
The concept of situational awareness first came from the United States Air Force,which is to analyze the information of the surrounding environment of the battlefield,make judgments and decisions on battlefield trends.Industrial network security situational awareness is the collection,processing,evaluation and prediction of information on industrial network environmental factors that cause security problems,and the visualization of analysis results to prevent network paralysis and industrial data information leakage.Data mining is the identification and extraction of massive data information,which is used to obtain more valuable data information.Data mining is used to accurately and efficiently discover threat postures from industrial networks,which is conducive to improving the anti-interference capability of industrial networks.The concepts,algorithms,mining approaches and other factors of data mining technology are introduced,and the redundancy elimination of multi-source alarms based on feature similarity is studied to detect,evaluate and predict network situations and provide a basis for industrial network security defence.
作者
冯淼
李致远
Feng Miao;Li Zhiyuan(Shanxi Information and Information Security Evaluation Center,Taiyuan Shanxi 030006;CETC Pengyue Electronic Technology Co.,Ltd.,Taiyuan Shanxi 030006)
出处
《现代工业经济和信息化》
2022年第11期99-101,共3页
Modern Industrial Economy and Informationization
关键词
数据挖掘
网络安全
态势感知
data mining
cyber security
situational awareness
