Abstract: In response to the wide variety of network attack incidents that keep emerging, this paper builds, on the latest big data technology components, a security situation awareness system framework that integrates data collection, data processing, data storage, data analysis and data presentation. Logs or network attack information are obtained through Flume and Kafka, and MapReduce and Storm are used for batch or real-time analysis to achieve awareness of network security; the Analytic Hierarchy Process is used to determine index weights, network situation features are extracted, and the network security situation is assessed by constructing and analysing a judgment matrix, with three prediction techniques based on neural networks, correlation analysis and time series; visual charts are deployed through ECharts, and R and ECharts are used to display and analyse threat types and attack data and to visualise attack sources, thereby completing the prediction of the security situation. The system is highly available, scalable and easy to deploy, and can well support the awareness and prediction of various network security threats.
Keywords: network security; situation awareness; big data; distributed
CLC number: TP309
Document code: A

Funding: Zhejiang Province Industry-University Cooperation Collaborative Education Project (2020); Shaoxing Higher Education Teaching Reform Project (SXSJG202007); Research Project of Keyi College, Zhejiang Sci-Tech University (KY2021001).

Research on Security Situation Awareness System based on Big Data
LIU Haixia1, XU Xinlei2, RAN Yuyao1, ZHAO Xiaojuan3

(1. Keyi College, Zhejiang Sci-Tech University, Shaoxing 312369, China; 2. Hangzhou Anheng Information Technology Co., Ltd., Hangzhou 310018, China; 3. Luoyang Radio & Television University, Luoyang 471000, China)
304361324@qq.com; 25195913@qq.com; ranyuyao@126.com; 58724833@qq.com
Abstract: In view of the various attack events emerging one after another, this paper proposes a security situational awareness system framework that integrates data collection, data processing, data storage, data analysis and data presentation, built on the latest big data technology components. Logs or network attack information are obtained through Flume and Kafka, and MapReduce and Storm are used to perform batch or real-time analysis, so as to achieve network security perception. AHP (Analytic Hierarchy Process) is used to determine the index weights, extract the characteristics of the network situation, and complete the assessment of the network security situation by analyzing and constructing a judgment matrix. Neural networks, correlation analysis and time series are used as three forecasting techniques. Visual charts are deployed through ECharts; R and ECharts are used to display and analyze threat types and attack data and to visualize attack sources, thereby completing security situation prediction. The system has the characteristics of high availability, scalability and easy deployment, and can better support the perception and prediction of various network security threats.
Keywords: network security; situational awareness; big data; distribution
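As an added example (not code from the paper), the AHP step named in the abstract: deriving index weights from a pairwise judgment matrix, checking its consistency ratio, and only then computing a weighted situation score. The index names, the two judgment matrices and the observed values are constructed for illustration; the second matrix is deliberately contradictory to show the consistency check rejecting it.

```python
"""AHP index weighting for security situation assessment (added example)."""
import math

# Saaty's random consistency index (RI) by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}
CR_LIMIT = 0.1  # judgments with CR >= 0.1 are conventionally rejected as inconsistent

# Constructed sample: three hypothetical situation indices and a pairwise judgment
# matrix on Saaty's 1-9 scale (entry [i][j] = importance of index i relative to index j).
INDICES = ["attack frequency", "threat severity", "asset criticality"]
JUDGMENT = [[1.0, 1 / 3, 1 / 2], [3.0, 1.0, 2.0], [2.0, 1 / 2, 1.0]]
# A contradictory judgment (i > j, j > k, yet k > i), also constructed, to exercise the check.
CYCLIC_JUDGMENT = [[1.0, 3.0, 1 / 3], [1 / 3, 1.0, 3.0], [3.0, 1 / 3, 1.0]]


def ahp_weights(matrix):
    """Priority vector via the row geometric-mean approximation of the principal eigenvector."""
    n = len(matrix)
    geo = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(geo)
    return [g / total for g in geo]


def consistency_ratio(matrix, weights):
    """CR = CI / RI, CI = (lambda_max - n) / (n - 1), lambda_max estimated from (A w)_i / w_i."""
    n = len(matrix)
    if n < 3:  # 1x1 and 2x2 judgments are always consistent
        return 0.0
    aw = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def assess(matrix, values):
    """Return (weights, CR, weighted situation score) for index values normalised to [0, 1].

    Raises ValueError when the judgment matrix fails the consistency check, so an
    inconsistent expert judgment never silently yields a situation score."""
    weights = ahp_weights(matrix)
    cr = consistency_ratio(matrix, weights)
    if cr >= CR_LIMIT:
        raise ValueError(f"judgment matrix inconsistent: CR={cr:.3f} >= {CR_LIMIT}")
    score = sum(w * v for w, v in zip(weights, values))
    return weights, cr, score


if __name__ == "__main__":
    w, cr, s = assess(JUDGMENT, [0.7, 0.9, 0.4])  # constructed normalised observations
    print(dict(zip(INDICES, (round(x, 3) for x in w))), round(cr, 4), round(s, 3))
```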