Security Situation Awareness System Based On Big Data Network Theory And Realization

Posted on: 2021-11-08
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Yang
Full Text: PDF
GTID: 2518306470968689
Subject: Software engineering

Abstract/Summary:
Based on the service theory of "people-oriented, data-centered, and technology-supported", this paper analyzes, designs and implements a network security situation awareness system based on big data. The system collects, analyzes, monitors and senses real-time data on the assets, equipment and services within the government and enterprise sector, together with data on malicious attacks such as external viruses and trojans, and reports early warnings and security responses in time, so as to help enterprises formulate correct security protection strategies promptly and ensure the security of enterprise data. The system is dedicated to helping enterprises enhance their security and defense capabilities through big data analysis, an intelligent analysis engine, visualization and other related technologies, and to counter events that threaten enterprise security by adopting appropriate tools and formulating detailed procedures and security policies. It helps enterprises complete data flow collection, security intelligence summarization, the construction of an analysis platform, the improvement of the response system, and the training of internal staff in security skills, so as to build a new network security state system for the enterprise that can better deal with malicious network attacks.

Big data network security situational awareness refers, in the modern information environment with its large volumes of network data, to the pre-event acquisition and understanding of internal and external factors that can threaten network security, in-event protection and detection, post-event response, repair and display, and the prediction of future development trends. This network security situation awareness system proposes a platform architecture (the Cybertron platform) integrating big data technology, which combines security event awareness, monitoring, early warning, notification, response and disposal, and visualization.

First, at the level of security situation element collection, the system can centrally acquire and store data related to system security, such as asset status, vulnerability status, raw logs and data flows, from the enterprise operating environment through the flexible collection architecture, storage architecture and analysis architecture built into the platform. Secondly, at the level of security situation monitoring and early warning, the system provides a multi-level intelligent security analysis engine, which can formulate different security analysis rules for different intrusion scenarios, analyze the security logs and traffic metadata acquired in real time through powerful association analysis engine rules, and combine the analysis results with scenario data and external threat intelligence, thereby not only effectively discovering illegal assets, behaviors, strategies and threats inside the enterprise, but also discovering attacks and threats from outside the enterprise, and issuing early warnings in time. Finally, at the level of security situation visualization, the system provides visualization and standardization technology with a variety of response methods, including work orders, so that the enterprise's detection, protection and management of security incidents are more standardized and its workflow more detailed. The various generated security situation reports are presented to enterprise security personnel through rich dashboards, providing a reference for enterprise personnel handling security incidents.

The system builds an all-weather, multi-faceted network security situation awareness system through a variety of big data analysis engine methods. On the basis of the related level protection management system, it builds a defense-in-depth system for the government and enterprise sectors that can enhance their own network security capabilities, strengthen the protection of important enterprise data, and enhance security monitoring and early warning of intrusion events. This helps enterprises progress from standardized management to attack information detection, upgrade from detecting only known security events to detecting unknown attack events, and move from passive security response to active security, security automation and other security services; fast closed-loop processing can further realize all-weather, all-round security situational awareness and effective protection.
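The monitoring and early-warning level described above (scenario rules over logs and traffic metadata, association of their results, enrichment with external threat intelligence, and a work-order response) is illustrated below with a small added example; it is not code from the thesis or the Cybertron platform. The log lines, flow records, threat-intelligence feed and rule thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample inputs (not from the thesis): auth log lines and flow metadata.
AUTH_LOGS = [
    "2021-03-01T10:00:01 host=web01 user=admin src=10.0.0.7 result=FAIL",
    "2021-03-01T10:00:03 host=web01 user=admin src=10.0.0.7 result=FAIL",
    "2021-03-01T10:00:05 host=web01 user=admin src=10.0.0.7 result=FAIL",
    "2021-03-01T10:00:09 host=web01 user=admin src=10.0.0.7 result=SUCCESS",
    "2021-03-01T10:30:00 host=web02 user=bob src=10.0.0.9 result=SUCCESS",
]
FLOWS = [  # (src, dst, bytes): NetFlow-style traffic metadata, constructed
    ("10.0.0.7", "203.0.113.45", 5120),
    ("10.0.0.9", "198.51.100.8", 300),
]
THREAT_INTEL = {"203.0.113.45"}  # hypothetical external feed of known C2 addresses

def parse_auth(line):
    """key=value auth log line -> dict with a datetime timestamp."""
    ts, *kv = line.split()
    rec = dict(p.split("=", 1) for p in kv)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def rule_bruteforce_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Scenario rule: at least `threshold` failed logins from one source/user
    within `window`, followed by a success for the same pair."""
    fails, alerts = defaultdict(list), []
    for e in events:
        key = (e["src"], e["user"])
        if e["result"] == "FAIL":
            fails[key].append(e["ts"])
        elif e["result"] == "SUCCESS" and \
                len([t for t in fails[key] if e["ts"] - t <= window]) >= threshold:
            alerts.append({"rule": "bruteforce_success", "src": e["src"], "user": e["user"]})
    return alerts

def rule_threat_intel(flows, intel):
    """Scenario rule: flow destination matches the external threat intelligence feed."""
    return [{"rule": "known_c2_contact", "src": s, "dst": d} for s, d, _ in flows if d in intel]

def correlate(auth_lines, flows, intel):
    """Association step: alerts from different rules that share a source are merged
    into one warning; chained scenarios get a higher-priority work order."""
    alerts = rule_bruteforce_then_success([parse_auth(l) for l in auth_lines])
    alerts += rule_threat_intel(flows, intel)
    by_src = defaultdict(set)
    for a in alerts:
        by_src[a["src"]].add(a["rule"])
    return [{"src": src, "rules": sorted(rules), "work_order": "P1" if len(rules) > 1 else "P3"}
            for src, rules in by_src.items()]
```

Running `correlate(AUTH_LOGS, FLOWS, THREAT_INTEL)` yields a single P1 warning for 10.0.0.7, because the brute-force scenario and the threat-intelligence match are associated on the same source, while the unrelated successful login from 10.0.0.9 produces nothing.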
Keywords/Search Tags:big data, Network security posture, Situational awareness, Safety factor