Abstract
To detect network traffic characteristics efficiently and accurately and to ensure the safe and reliable operation of information systems, an intelligent perception model for abnormal network traffic is proposed. The limitations of traditional detection methods for abnormal network traffic are analyzed, key technologies in traffic detection and risk assessment are examined, and an intelligent perception model composed of five modules (traffic acquisition and discrimination, data cleansing, data management, threat analysis, and evaluation application) is proposed, together with a flow-based modeling design. Built on network traffic statistics, the model can handle collection and analysis tasks for data from a variety of sources. Comprehensive data cleansing capabilities aggregate the data generated by multiple kinds of devices and label its key attributes. A highly reliable data management system ensures that massive volumes of data are stored securely and computed in a timely manner. Ample threat analysis methods support continuous detection and early warning of anomalous data, so that attack events hidden behind the data are identified, fully characterized and tracked. Fine-grained evaluation application capabilities ensure the realization and iterative updating of risk situation assessment, attack alert response and intelligent perception. The model achieves intelligent perception of abnormal network data in an all-round way, with strong stability, security and continuity, and provides a reference for network security management.
Authors
林昕
吕峰
姜亚光
毛炳强
LIN Xin; LV Feng; JIANG Ya-guang; MAO Bing-qiang (China Software Testing Center, Beijing 100048, China; Key Laboratory of General Technology for Safety and Reliability Evaluation of Industrial Control System, Ministry of Industry and Information Technology, Beijing 100048, China; PipeChina Oil and Gas Control Center, Beijing 100013, China)
Source
Industrial Technology Innovation (《工业技术创新》)
2021, Issue 3, pp. 7-14 (8 pages)
Keywords
Abnormal Network Traffic
Data Mining
Traffic Detection
Threat Assessment
Risk Assessment
Intelligent Perception
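About the authors
LIN Xin (b. 1988), male, from Tianjin, master's degree, engineer. Main research interest: testing and evaluation of industrial control systems. LV Feng (b. 1969), male, from Xicheng, Beijing, senior engineer. Main research interests: automation control of oil and gas pipelines and network security of industrial control systems. Corresponding author: JIANG Ya-guang (b. 1985), female, from Hulunbuir, Inner Mongolia, master's degree, engineer. Main research interest: testing and evaluation of industrial control systems. E-mail: jiangyg@cstc.org.cn. MAO Bing-qiang (b. 1985), male, from Chaoyang, Beijing, master's degree. Research interest: oil and gas pipeline automation.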