Big-Data-Based Network Security and Intelligence Analysis
Published: 2018-05-15 11:38
Topic: Big Data + Network Security. Source: Advanced Engineering Sciences (工程科學與技術), 2017, Issue 03
[Abstract]: With the development of IT and communication technology, the network environment is growing more complex, and the application of technologies such as cloud computing and virtualization has made host and network boundaries dynamic and blurred. At the same time, network attacks are frequent, and advanced network threats that are stealthy, persistent and profit-driven are on the rise. Traditional network security and intelligence analysis techniques are constrained by single data sources, limited processing capacity and deployment tied to the physical environment, which leaves them unable to adequately acquire, analyze and exploit threat intelligence and limits their ability to perceive and predict the network security situation, so they cannot effectively address current and future network security challenges. Taking the challenges and opportunities that big data technology brings to network security and intelligence analysis research as the thread, the authors review the meaning of big data, analyze the current predicament of network security and intelligence analysis, sort out the relationship between big data and network security and intelligence analysis, and explain how big data technology changes traditional security analysis methods. Applying big data technology in the security domain yields big data security analysis, a new way of responding to security problems: by focusing on the characteristics of security data itself and the goals of security analysis, it applies big data analysis methods and techniques to solve practical problems in network security and intelligence analysis. On the one hand, big data processing technologies such as batch processing, stream processing and interactive query solve data-processing problems in network security and intelligence analysis, including real-time reconstruction and analysis of high-speed network traffic, analysis and fast retrieval of massive historical log data, and real-time processing and retrieval of massive text data. On the other hand, applying big data technology to security visual analysis, security event correlation and user behavior analysis has produced a series of big data security analysis research branches, including big data interactive visual analysis, multi-source event correlation analysis, user and entity behavior analysis, and network behavior analysis, to meet current network security challenges. Big data security analysis has already been applied to APT attack detection, network anomaly detection, network security situation awareness and network threat intelligence analysis, but the current network security situation remains far from optimistic: effective detection methods for advanced network threats and attacks are lacking; the ability to predict unknown, complex network attacks and threats is insufficient; there is no evaluation system for measuring the results of network security situation assessment, the situation assessment index systems for critical assets and for the network as a whole are incomplete, and network security situation awareness assessment methods lack specificity; new data sources for network threat intelligence analysis are hard to obtain, threat intelligence sharing standards are lacking, and a large-scale, integrated modern threat intelligence center and an open comprehensive threat intelligence service platform have yet to be built. Around these problems, research is needed on advanced network threat discovery methods, complex network attack prediction methods, large-scale network security situation awareness technology, and threat intelligence data collection and sharing technology, with breakthroughs in key technologies such as early detection of advanced network threats, detection of stealthy and persistent network communication behavior, network feature extraction based on big data analysis, advanced network threat prediction drawing on comprehensive threat intelligence, and non-public network intelligence collection, in order to strengthen the support that big data provides for network information security and to enhance the capability to perceive, warn of and respond to network information security risks.
[Affiliation]: Cyberspace Security Research Institute, Sichuan University (四川大學網絡空間安全研究院); College of Computer Science, Sichuan University (四川大學計算機學院)
[Funding]: National Natural Science Foundation of China (61272447)
[Classification number]: TP311.13; TP393.08
【相似文獻(xiàn)】
相關(guān)期刊論文 前10條
1 陳小梅;淺談信息化建設(shè)中的銀行網(wǎng)絡(luò)安全[J];中國金融電腦;2003年02期
2 邊鋒;;網(wǎng)絡(luò)安全融合之道[J];中國計(jì)算機(jī)用戶;2007年38期
3 劉瑩;網(wǎng)絡(luò)安全問題的探討[J];貴州工業(yè)大學(xué)學(xué)報(bào);1999年01期
4 ;美國專家提出加強(qiáng)網(wǎng)絡(luò)安全的10條建議[J];w攣胖蕓,
Article number: 1892317
Article link: http://www.sikaile.net/guanlilunwen/ydhl/1892317.html