Journal of Jilin University (Information Science Edition) ›› 2022, Vol. 40 ›› Issue (1): 82-88.


Design of Network Security Operation Platform Based on Multi-Source Heterogeneous Sensor

FU Zhibo1, YANG Hang2, LIU Jiahao1

  1. Platform and Network Security Company, Southern Power Grid Digital Grid Research Institute Company Limited, Guangzhou 510663, China; 2. Digital Department, Southern Power Grid Company Limited, Guangzhou 510000, China
  • Received: 2021-05-19 Online: 2022-01-25 Published: 2022-01-29
  • About the author: FU Zhibo (born 1990), male (Manchu), from Ning'an, Heilongjiang; assistant engineer at Southern Power Grid Digital Grid Research Institute Company Limited; mainly engaged in information security research. (Tel) 86-18502016483 (E-mail) fuzhibo123@126.com
  • Funding:
    Supported by the Southern Power Grid Digitalization Fund Project (2100002021030102SJ00246)

Abstract: Networks in operation are vulnerable to intrusion by external abnormal data or viruses, which can cause the network to collapse or even fail to operate normally. To address this problem, a network security operation platform based on multi-source heterogeneous sensors is designed. First, the combination rule of DS (Dempster-Shafer) evidence theory used to compute the DS/AHP (Dempster-Shafer/Analytic Hierarchy Process) method is improved, and the improved method is used to fuse the security data submitted by the multi-source heterogeneous sensors. Then, a threat early-warning framework is built from a resource layer, a collection layer, a big data analysis layer, a service layer and a presentation layer. Finally, through centralized log management, threat analysis, control analysis of security assets, asset identification management, attack traceability analysis, functional analysis of threat intelligence, and work-order and intelligence-driven security operation analysis, intrusion alarms and tracing of the intrusion source are realized, completing the design of the security operation platform. The experimental results show that the platform can identify intrusion data, successfully trace the source of an intrusion, and effectively ensure the security of platform operation.

Key words: multi-source heterogeneous sensor, network security, operation platform design, Dempster-Shafer (DS) evidence, attack traceability analysis

CLC number:

  • TP309.2