铁路网络安全态势感知平台方案研究

董鹏; 马小宁; 高明星

铁路网络安全态势感知平台方案研究

1. 中国铁路信息科技有限责任公司, 北京 100038;
2. 中国铁道科学研究院集团有限公司铁路大数据研究与应用创新中心, 北京 100081

基金项目:

铁路总公司科技研究开发计划课题（2017X004-B，J2018X005）

详细信息

作者简介:
董鹏,工程师;马小宁,研究员。

中图分类号: U29;TP393
计量
- 文章访问数: 240
- HTML全文浏览量: 11
- PDF下载量: 56
出版历程
- 收稿日期: 2019-09-29
- 刊出日期: 2020-08-03

Research on railway network security situation awareness platform

1. China Railway Information Technology Co. Ltd., Beijing 100038, China;
2. Research and Application Innovation Center for Big Data Technology in Railway, China Academy of Railway Sciences Corporation Limited, Beijing 100081, China

摘要

摘要: 研究基于大数据的网络安全态势感知技术在铁路行业的应用,使铁路信息网络具有全面感知、主动预警的能力是当前铁路网络安全建设的重点任务之一。为此,需要解决目前由于无法及时监测和感知信息网络中所存在的安全风险而导致的应用系统发展受限问题;解决传统网络安全态势感知平台由于实际网络环境中数据处理量巨大、业务复杂、层次套叠所导致的误报警率高、易遗漏报警等问题。以大数据高速存取为基础,利用人工智能和并行处理等技术优化感知预测算法,提出适于铁路行业应用的网络安全态势感知平台解决方案,并在测试环境中进行测试验证。结果表明:在具有高通量、复杂化特点的铁路信息网络环境中,该解决方案对潜在安全风险的感知和发现能力优于传统网络安全态势感知平台,满足铁路信息网络高通量、高实时性响应要求,有效地降低误报警率,提升了报警质量和水平。
- 网络安全 /
- 态势感知 /
- 铁路信息系统
Abstract: It is one of the key tasks of current railway network security construction to study the application of network security situation awareness technology based on big data in railway so as to endow the railway information network with the ability of comprehensive awareness and proactive early warning. Therefore, it was aimed to solve the lack of timely surveillance and awareness over potential threats that might impose limitations on the development of application systems. Meanwhile, the problems of high false alarm rate and missing alarms due to huge amount of data, complexity of business, hierarchical overlapping existing in traditional situation awareness platform were also dealt with. Based on high-speed access of big data, artificial intelligence and parallel processing technology were used to optimize the perception and prediction algorithm and a solution of network security situation awareness platform suitable for Chinese railways was also put forward. Furthermore, the solution had been tested and verified in a test environment for a month and the results show that this solution is superior to traditional network security situation awareness platform in perceiving and discovering potential security threats in a railway information network environment with the characteristics of high throughput and high complexity, and can effectively reduce the rate of false alarm and improve the quality and level of alarming of the Chinese railway information network with the characteristics of high throughput and rapid real-time response.
- network security /
- situation awareness /
- railway information system

HTML全文

参考文献(11)

[1]	王慧强,赖积保,朱亮,等. 网络态势感知系统研究综述[J]. 计算机科学, 2006(10):5-10.
[2]	陈兴蜀,曾雪梅,王文贤,等. 基于大数据的网络安全与情报分析[J]. 工程科学与技术, 2017, 49(3):1-12.
[3]	管磊,胡光俊,王专. 基于大数据的网络安全态势感知技术研究[J]. 信息网络安全, 2016(9):45-50.
[4]	展娜,杨志军. 基于大数据分析的网络安全态势感知[C]//计算机科学,中国计算机用户协会网络应用分会2018年第二十二届网络新技术与应用年会论文集, 2018(11):50-51.
[5]	朱义,杨玉龙,李帅,等. 面向大数据环境的网络安全态势感知平台研究[J]. 网络安全技术与应用, 2018(11):52-54.
[6]	William W Streilein, John Truelove, Chad R Meiners, et al. Cyber situational awareness through operational streaming analysis[C]//Track3, Cyber Security and Network Operations, The 2011 Military Communications Conference, 2011:26-31.
[7]	中国铁路总公司. 中国铁路总公司信息化总体规划报告[Z]. 北京:中国铁路总公司, 2016.
[8]	中国铁路总公司. 铁路数据服务平台建设方案[Z]. 北京:中国铁路总公司, 2016:5-7.
[9]	陶源,黄涛,张墨涵,等. 网络安全态势感知关键技术研究及发展趋势分析[J]. 信息网络安全, 2018(8):79-85.
[10]	马小宁,李平,史天运. 铁路大数据应用体系架构研究[J]. 铁路计算机应用, 2016, 25(9):7-13.
[11]	王万齐,张德栋,黄勤龙. 铁路网络与信息安全管理系统研究与设计[J]. 铁路计算机应用, 2017(11):32-35.