1. Institute of Cyberspace Security, Sichuan University, Chengdu 610065, Sichuan, China
2. College of Computer Science, Sichuan University, Chengdu 610065, Sichuan, China
Print publication date: 2017
Online publication date: 2017-5-5
Citation: CHEN Xingshu, ZENG Xuemei, WANG Wenxian, SHAO Guolin. Big Data Analytics for Network Security and Intelligence[J]. Advanced Engineering Sciences, 2017, 49(3): 1-12. DOI: 10.15961/j.jsuese.201600352.
Abstract (translated from the Chinese): With the development of IT and communication technology, the network environment is becoming increasingly complex, and the application of technologies such as cloud computing and virtualization has made host boundaries and network boundaries dynamic and blurred. At the same time, network attacks are frequent, and advanced network threats that are stealthy, persistent and profit-driven are on the rise. Traditional network security and intelligence analysis techniques are constrained by single data sources, limited processing capacity and deployment that depends on the physical environment, leaving them with insufficient ability to acquire, analyse and exploit threat intelligence and limited ability to perceive and predict the network security situation, so they cannot effectively address current and future network security challenges. Taking the challenges and opportunities that big data technology brings to network security and intelligence analysis as the thread, the authors review the connotation of big data, analyse the current dilemmas of network security and intelligence analysis, sort out the relationship between big data and network security and intelligence analysis, and explain how big data technology changes traditional security analysis methods. The application of big data technology in the security field has produced big data security analysis, a new security response method that solves practical problems in network security and intelligence analysis by applying big data analysis methods and technologies while adhering closely to the characteristics of security data itself and the goals of security analysis. On the one hand, big data processing technologies such as batch processing, stream processing and interactive query solve the data processing problems of network security and intelligence analysis: real-time reconstruction and analysis of high-performance network traffic, analysis and fast retrieval of massive historical log data, and real-time processing and retrieval of massive text data. On the other hand, applying big data technology to security visual analysis, security event correlation and user behaviour analysis has produced a series of research branches of big data security analysis, including big data interactive visual analysis, multi-source event correlation analysis, user and entity behaviour analysis and network behaviour analysis, to meet current network security challenges. Big data security analysis technology has already been applied to APT attack detection, network anomaly detection, network security situation awareness and network threat intelligence analysis. However, the current network security situation is still not optimistic: effective detection methods for advanced network threats and attacks are lacking; the ability to predict unknown, complex network attacks and threats is insufficient; there is no evaluation system for measuring the results of network security situation assessment, the indicator systems for assessing the situation of key assets and of the network as a whole are incomplete, and network security situation awareness assessment methods lack specificity; data from new data sources for network threat intelligence analysis is hard to acquire, there is no standard for sharing threat intelligence, and large-scale, integrated modern threat intelligence centres and open comprehensive threat intelligence service platforms have not yet been built. Around these problems, it is necessary to study methods for discovering advanced network threats, methods for predicting complex network attacks, large-scale network security situation awareness technology, and threat intelligence data collection and sharing technology, and to achieve breakthroughs in key technologies such as early detection of advanced network threats, detection of stealthy and persistent network communication behaviour, big-data-based network feature extraction, prediction of advanced network threats from comprehensive threat intelligence, and collection of non-public network intelligence, so as to strengthen the support that big data provides for network information security and to enhance the ability to perceive, warn of and respond to network information security risks.
Abstract: With the development of IT and communication technology, the network environment is becoming more and more complicated, and the perimeters of hosts and networks become dynamic and fuzzy due to the application of cloud computing and virtualization technology. At the same time, network attacks become more frequent, and advanced network threats with evasive, persistent and profit-chasing behaviour are also increasing. However, due to the limits of data sources and processing ability, and to device deployment that relies on the physical environment, traditional network security and intelligence techniques are inefficient in the acquisition, analysis and use of threat intelligence, and their ability to perceive and predict the network security situation is limited, so they cannot solve current and future network security challenges efficiently. The chances and challenges that big data brings to network security and intelligence analysis are taken as the clue of this paper. First of all, the connotation of big data is reviewed and the current dilemmas in network security and intelligence analysis are analysed; then the relationship between big data and network security and intelligence analysis is explored, and the changes that big data technologies bring to traditional security analysis are parsed. Big data security analysis, a new security method, was formed after big data technologies were applied in the cyber security field. Its value lies in solving practical problems in network security and intelligence analysis through the methods and technologies of big data analysis, while sticking to the purpose of security analysis and the character of security data itself. On the one hand, big data processing technologies such as bulk data processing, streaming data processing and interactive data query can solve the data processing issues of real-time restoration and analysis of high-performance network traffic, analysis and rapid retrieval of massive historical log data, and real-time processing of massive text data. On the other hand, when big data technologies are applied in security visual analysis, security event association and network user behaviour analysis, a series of research branches of big data security analysis are formed, such as big data interactive visual analysis, multi-source event correlation analysis, user entity behaviour analysis and network behaviour analysis. Big data security analysis technologies have been applied in APT attack detection, network anomaly detection, network security situation perception, network threat intelligence analysis, etc. Even though some achievements have been made in big-data-based network security and intelligence analysis, the current network security situation is still not optimistic. Effective detection methods for advanced network threats and attacks are lacking. The detection and prediction results for unknown, complex network attacks are undesirable. A measurement system for the evaluation methods of network security situation awareness is needed; the large-scale network security situation awareness indicator system for key assets and the entire network is still incomplete; and the evaluation methods lack pertinence. It is difficult to acquire data from new types of threat information sources, and the standards for threat intelligence sharing need further research. A large-scale, integrated threat intelligence centre and an open service platform have not yet been built. Around the above problems, the methods of advanced network threat discovery, complex network attack prediction, large-scale network security situational awareness, and threat information collection and sharing technology need to be studied, and key technical breakthroughs are needed, such as early detection of advanced network threats, detection of concealed and continuous network communication behaviour, big-data-analytics-based network feature extraction technology, intelligence-based advanced network threat forecasting, and non-public network intelligence collection, so as to improve the big data support capability for network information security and to enhance network information security risk perception and disposal capacity.
Keywords: big data; network security; intelligence analysis