基于多源异构传感器的网络安全运营平台设计

吉林大学学报(信息科学版) ›› 2022, Vol. 40 ›› Issue (1): 82-88.

基于多源异构传感器的网络安全运营平台设计

付志博¹, 杨航², 刘家豪¹#br#

1. 南方电网数字电网研究院有限公司平台网络安全分公司, 广州 510663; 2. 南方电网有限责任公司数字化部, 广州 510000

收稿日期:2021-05-19 出版日期:2022-01-25 发布日期:2022-01-29
作者简介:付志博(1990— ), 男(满族), 黑龙江宁安人, 南方电网数字电网研究院有限公司助理工程师, 主要从事信息安全研究,(Tel)86-18502016483(E-mail)fuzhibo123@126.com
基金资助:
南方电网数字化基金资助项目(2100002021030102SJ00246)

Design of Network Security Operation Platform Based on Multi-Source Heterogeneous Sensor

FU Zhibo¹, YANG Hang², LIU Jiahao¹

1. Platform and Network Security Company, Southern Power Grid Digital Grid Research Institute Company Limitid,Guangzhou 510663, China; 2. Digital Department, Southern Power Grid Company Limited, Guangzhou 510000, China

Received:2021-05-19 Online:2022-01-25 Published:2022-01-29

摘要/Abstract

摘要： 针对基于网络运营过程中, 容易受到外界异常数据或病毒的入侵, 导致网络崩坏, 甚至无法正常运行问题, 设计了一种基于多源异构传感器的网络安全运营平台。首先改进 DS(Dempster-Shafer)证据论证的合并规则计算 DS / AHP(Dempster-Shafer/ Analytic Hierarchy Process)方法, 以此对多源异构传感器提交的安全数据融合, 然后利用资源层、采集层、大数据分析层、服务层以及展示层构建威胁预警框架, 最后通过日志集中管理、威胁分析、安全资产的管控分析、资产识别管理、攻击溯源分析、威胁情报的功能分析以及工单、情报驱动安全运营分析, 即可实现入侵报警、追溯入侵源头等, 完成安全运营平台的设计。实验证明, 构建平台能识别出入侵数据, 可以成功地追溯入侵源头, 有效保证平台运营安全。

关键词: 多源异构传感器, 网络安全, 运营平台设计, DS 证据, 攻击溯源分析

Abstract: In the process of network operation, it is easy to be invaded by external abnormal data or virus, which leads to network collapse or even failure to operate normally. Therefore, a network security operation platform based on multi-source heterogeneous sensors is designed. Firstly, the DS / AHP ( Dempster-Shafer/ Analytic Hierarchy Process) method is improved by combining rules of DS(Dempster/ Shafer)evidence demonstration, to fuse the security data submitted by multi-source heterogeneous sensors. Finally, through centralized log management, threat analysis, control analysis of security assets, asset identification management, attack traceability analysis, function analysis of threat intelligence and work order, intelligence driven security operation analysis, intrusion alarm can be realized and the source of intrusion can be traced to complete the design. The experimental results show that the platform can identify the intrusion data, trace the source of the intrusion successfully, and effectively ensure the security of the platform operation.

Key words: multi source heterogeneous sensor, network security, operation platform design, dempster/ shafer(DS) evidence, attack traceability analysis

中图分类号:

TP309. 2

付志博, 杨航, 刘家豪. 基于多源异构传感器的网络安全运营平台设计[J]. 吉林大学学报(信息科学版), 2022, 40(1): 82-88.

FU Zhibo , YANG Hang , LIU Jiahao . Design of Network Security Operation Platform Based on Multi-Source Heterogeneous Sensor[J]. Journal of Jilin University (Information Science Edition), 2022, 40(1): 82-88.

[1]	张赛男, 孙彪. 基于机器学习的网络异常检测方法综述[J]. 吉林大学学报(信息科学版), 2021, 39(6): 732-742.
[2]	李威, 杨忠明. 入侵检测系统的研究综述[J]. 吉林大学学报(信息科学版), 2016, 34(5): 657-662.
[3]	陶跃, 田迎华. 多级可拓评价方法在网络安全评价中的应用[J]. J4, 2013, 31(1): 95-100.
[4]	宋和平,胡成全,樊东霞,何丽莉,曹英晖. 基于簇的无线传感器网络密钥管理方案[J]. J4, 2011, 29(03): 231-.
[5]	张云英,努尔布力\|王程明\|姜千\|胡亮. 入侵容忍综述[J]. J4, 2009, 27(04): 389-.
[6]	姜千\|胡亮\|赵阔\|努尔布力\|王程明. 入侵检测系统评估技术研究[J]. J4, 2009, 27(04): 383-.
[7]	沈泓,范亚芹. 企业局域网机密信息传输系统设计[J]. J4, 2009, 27(03): 324-.