Acta Electronica Sinica (电子学报) ›› 2019, Vol. 47 ›› Issue (4): 927-945. DOI: 10.3969/j.issn.0372-2112.2019.04.021

• Survey and Review •

A Survey of Architecture and Implementation Method on Cyber Security Situation Awareness Analysis (original Chinese title: 网络安全态势感知分析框架与实现方法比较)

LI Yan1, WANG Chun-zi1, HUANG Guang-qiu2, ZHAO Xu1, ZHANG Bin2, LI Ying-chao1,3

  1. School of Management, Xi'an Polytechnic University, Xi'an, Shaanxi 710048, China;
  2. School of Management, Xi'an University of Architecture & Technology, Xi'an, Shaanxi 710055, China;
  3. LianYi Software Co. Ltd., Xi'an, Shaanxi 710000, China
  • Received: 2018-04-23  Revised: 2018-09-25  Online: 2019-04-25  Published: 2019-04-25
  • About the authors: LI Yan, male, born 1984, from Chengde, Hebei, Mongolian ethnicity, CCF member, Ph.D., associate professor; research interests: information countermeasures, network security. E-mail: sy_liyan137@126.com. WANG Chun-zi, female, born 1983, from Xi'an, Shaanxi, Han ethnicity, Ph.D., associate professor; research interest: network security. HUANG Guang-qiu, male, born 1964, from Taoyuan, Hunan, Han ethnicity, Ph.D., professor; research interests: network security, complex system modeling, analysis and control, systems engineering.
  • Funding: Shaanxi Provincial Science and Technology Research and Development Program (No.2013K1117); Shaanxi Provincial Key Discipline Construction Special Fund (No.E08001); Xi'an Polytechnic University Doctoral Research Start-up Fund

Abstract: Information technology now reaches every aspect of politics, the economy and culture across society. The information revolution has changed how the whole world communicates and has driven enormous social development; it has also brought unprecedented attention to network security. Research on network security has passed through four main stages: security guaranteed by idealized design; auxiliary detection with passive defense; active analysis and formulation of security policy; and comprehensive perception with trend prediction. With nations contending for digital control as a new strategic high ground, work on cyber security situation awareness (CSSA) shows new characteristics in both academic research and industrial implementation. This paper surveys the CSSA literature as thoroughly as possible. It first reviews the state of research at home and abroad and the differences and connections between CSSA and traditional situation awareness. It then proposes a logical analysis framework for CSSA from the perspective of the data value chain, decomposing the whole process into five consecutive processing stages: factor collection, model representation, measurement establishment, solution analysis and situation prediction. For each stage it explains the role of the stage and the mainstream methods, reports the results of applying them to experimental subjects, and compares the methods with one another. The paper aims to give a panoramic view of CSSA and supporting ideas for industrial network security solutions, as a reference for researchers and engineers in this field.

Keywords: network security, network situation awareness, attack model, intrusion detection, data fusion analysis
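The five-stage data value chain described in the abstract (factor collection, model representation, measurement establishment, solution analysis, situation prediction) as one runnable, added illustration. This is example code, not from the paper or from any of the systems it surveys. The Snort-style alert lines are constructed, and the monitored address range, the asset-criticality map, the priority weights, the ten-minute window, the weighted-sum situation metric and the least-squares trend forecast are all assumptions chosen to make each stage concrete, not methods the survey endorses.

```python
"""Minimal end-to-end instance of the five-stage CSSA data value chain.

Added illustration; every scoring and forecasting rule below is an assumption,
not a method taken from the survey.  Stages: (1) factor collection,
(2) model representation, (3) measurement establishment, (4) solution
analysis, (5) situation prediction.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed IDS alerts in a Snort-style "fast" line format (not real traffic).
SAMPLE_ALERTS = """\
01/10-09:00:05 [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:41000 -> 192.168.1.10:22
01/10-09:00:40 [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:41001 -> 192.168.1.11:22
01/10-09:01:10 [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:41002 -> 192.168.1.12:22
01/10-09:02:00 [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:41003 -> 192.168.1.13:22
01/10-09:12:30 [**] [1:2010935:3] ET WEB_SERVER SQL Injection Attempt [**] [Priority: 1] {TCP} 10.0.0.5:41500 -> 192.168.1.20:80
01/10-09:13:45 [**] [1:2010935:3] ET WEB_SERVER SQL Injection Attempt [**] [Priority: 1] {TCP} 10.0.0.5:41501 -> 192.168.1.20:80
01/10-09:25:00 [**] [1:2014726:5] ET TROJAN Outbound Beacon [**] [Priority: 1] {TCP} 192.168.1.20:50000 -> 203.0.113.7:443
01/10-09:27:00 [**] [1:2014726:5] ET TROJAN Outbound Beacon [**] [Priority: 1] {TCP} 192.168.1.20:50001 -> 203.0.113.7:443
01/10-09:29:30 [**] [1:2014726:5] ET TROJAN Outbound Beacon [**] [Priority: 1] {TCP} 192.168.1.20:50002 -> 203.0.113.7:443
""".splitlines()

ALERT_RE = re.compile(
    r"^\d\d/\d\d-(\d\d):(\d\d):(\d\d) \[\*\*\] \[[\d:]+\] (?P<sig>.+?) \[\*\*\] "
    r"\[Priority: (?P<pri>\d)\] \{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$"
)

INTERNAL_PREFIX = "192.168.1."                 # assumed monitored address range
ASSET_CRITICALITY = {"192.168.1.20": 2.0}      # assumed: the web server matters most
PRIORITY_WEIGHT = {1: 1.0, 2: 0.5, 3: 0.2}      # assumed severity weights per IDS priority
WINDOW_SECONDS = 600                            # assumed ten-minute situation window


@dataclass(frozen=True)
class Alert:
    t: int          # seconds since midnight
    signature: str
    priority: int
    src: str
    dst: str


# Stage 1: factor collection - normalise raw sensor lines into records.
def parse_alerts(lines):
    alerts = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue        # unparsable line: dropped, never guessed at
        h, mi, s = (int(m.group(i)) for i in (1, 2, 3))
        alerts.append(Alert(h * 3600 + mi * 60 + s, m["sig"], int(m["pri"]), m["src"], m["dst"]))
    return alerts


# Stage 2: model representation - attribute each alert to the internal asset it
# concerns (target of inbound events, source of outbound ones) and keep a
# per-asset view of which signatures fired and how often.
def affected_host(a):
    return a.dst if a.dst.startswith(INTERNAL_PREFIX) else a.src


def build_host_model(alerts):
    model = defaultdict(lambda: defaultdict(int))
    for a in alerts:
        model[affected_host(a)][a.signature] += 1
    return {host: dict(sigs) for host, sigs in model.items()}


# Stage 3: measurement establishment - one alert contributes
# severity weight x asset criticality (assumed metric).
def alert_score(a):
    return PRIORITY_WEIGHT.get(a.priority, 0.2) * ASSET_CRITICALITY.get(affected_host(a), 1.0)


def situation_series(alerts, window=WINDOW_SECONDS):
    """Network-wide situation value per time window, in window order."""
    buckets = defaultdict(float)
    for a in alerts:
        buckets[a.t // window] += alert_score(a)
    return [buckets[k] for k in sorted(buckets)]


# Stage 4: solution analysis - fuse per-alert scores into a ranking that
# tells the analyst which asset to look at first.
def rank_hosts(alerts):
    totals = defaultdict(float)
    for a in alerts:
        totals[affected_host(a)] += alert_score(a)
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


# Stage 5: situation prediction - least-squares line through the series,
# extrapolated one window ahead (assumed forecasting rule).
def predict_next(series):
    n = len(series)
    if n < 2:
        return series[-1] if series else 0.0
    x_bar = (n - 1) / 2
    y_bar = sum(series) / n
    slope = sum((x - x_bar) * (y - y_bar) for x, y in enumerate(series)) / sum((x - x_bar) ** 2 for x in range(n))
    return y_bar + slope * (n - x_bar)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print("host model:", build_host_model(alerts))
    series = situation_series(alerts)
    print("series:", series, "next window:", predict_next(series))
    print("hosts by score:", rank_hosts(alerts))
```

Running the module prints the per-host model, the windowed situation series (rising as the scan turns into exploitation and then beaconing) and the one-window-ahead forecast. Dropping unparsable lines instead of guessing at them is deliberate: stage 1 is where a sensor bug or a crafted alert would otherwise poison every later stage, so collection should fail closed on malformed input.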
