| Network security situation awareness is currently full and efficient implementation of computer network security monitoring of a new technology, is currently the information security research, application of hot and difficult one. This situational awareness of online security system, key technologies, is building a comprehensive network security system on the premise and basis for the realization of the application of network security situational awareness is critical.We carry out the integration of information security situational awareness, assessment and early warning technology research aims to address the issue of network security systems, especially for a spatial distribution, real-time demanding, offensive and defensive opponents of features such as large-scale distributed heterogeneous network system. As the network security system is actually a technical means of detection and control of large systems, it is in cyberspace systems and network security incidents on the system against the system, so the system needs in a timely manner from the software and related databases distributed sensor multi-source data fusion for multi-level information in order to complete real-time identification of network security incidents and proactive response.This article focuses on network security situational awareness system architecture, model and implementation of key technologies. Overview of network security situational awareness system of the basic situation, covering network security situational awareness system, Background, and the related distinction between the concept of contact, forming a network security situational awareness system of the basic theoretical framework. Focused on analysis based on Bayesian networks and knowledge-based security posture assessment, and stressed that the security situation in the integrity of management information management, proposed a scalable security posture management framework. Finally, in Guangdong Mobile and partners to build a network security situational awareness system, which generally include the overall security status of data acquisition, multi-source information fusion, generation and assessment of security situation, the security situation in the four levels of warning. This generates a higher level of security posture and evaluation, network security situational awareness based on the results to infer or determine the level of threat and possible action. The warning of security posture may percept various threats to information systems, the security situation-based generation and evaluation of results and accurately determine the security risks and possible attack, in a timely manner to alert. |
PDF Full Text Request