
Network Security and Intelligence Analysis Based on Big Data

Published: 2018-05-15 11:38

  Topic of this article: big data + network security; Reference: 《工程科學與技術》, 2017, Issue 03


[Abstract]: With the development of IT and communication technology, network environments are becoming increasingly complex, and the adoption of cloud computing, virtualization and similar technologies has made host and network boundaries dynamic and blurred. At the same time, network attacks are frequent, and advanced network threats characterized by stealth, persistence and profit motivation are increasing. Traditional network security and intelligence analysis techniques are constrained by single-source data, limited processing capacity and deployments that depend on the physical environment. As a result, their ability to acquire, analyze and use threat intelligence is insufficient, their ability to perceive and predict the network security situation is limited, and they cannot effectively address current and future network security challenges. Taking the challenges and opportunities that big data technology brings to network security and intelligence analysis research as the thread, the author reviews the meaning of big data, analyzes the difficulties currently facing network security and intelligence analysis, sorts out the relationship between big data and network security and intelligence analysis, and describes how big data technology changes traditional security analysis methods. Applying big data technology to the security field yields big data security analysis, a new approach to security response: it stays closely tied to the characteristics of security data and the goals of security analysis, and applies big data analysis methods and techniques to solve practical problems in network security and intelligence analysis.
On the one hand, big data processing technologies such as batch data processing, stream data processing and interactive data query solve data-processing problems in network security and intelligence analysis, including real-time reconstruction and analysis of high-performance network traffic, analysis and fast retrieval of massive historical log data, and real-time processing and retrieval of massive text data. On the other hand, big data technology has been applied to security visual analytics, security event correlation and user behavior analysis, forming a series of research branches of big data security analysis, such as big data interactive visual analytics, multi-source event correlation analysis, user and entity behavior analysis, and network behavior analysis, to meet current network security challenges. Big data security analysis has already been applied to APT attack detection, network anomaly detection, network security situational awareness and network threat intelligence analysis, but the current network security situation is still not optimistic: effective detection methods for advanced network threats and attacks are lacking; the ability to predict unknown, complex network attacks and threats is insufficient; there is no evaluation system for measuring the results of network security situation assessment, the situation assessment indicator systems for critical assets and for the network as a whole are incomplete, and situational awareness assessment methods are not well targeted; data from new types of sources for network threat intelligence analysis is hard to obtain, threat intelligence sharing standards are lacking, and a large-scale, integrated modern threat intelligence center and an open, comprehensive threat intelligence service platform have not yet been built.
To address these problems, research is needed on methods for discovering advanced network threats, methods for predicting complex network attacks, large-scale network security situational awareness technology, and threat intelligence data collection and sharing technology, with breakthroughs in key technologies such as early detection of advanced network threats, detection of stealthy and persistent network communication behavior, network feature extraction based on big data analysis, advanced network threat prediction that integrates threat intelligence, and collection of non-public network intelligence, so as to improve the support that big data provides to network information security and to strengthen the ability to perceive, warn of and respond to network information security risks.
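[Author affiliations]: Cybersecurity Research Institute, Sichuan University; College of Computer Science, Sichuan University
[Funding]: National Natural Science Foundation of China (61272447)
[Classification numbers]: TP311.13; TP393.08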


Article ID: 1892317



Article link: http://sikaile.net/guanlilunwen/ydhl/1892317.html

