网络安全挂图作战实践

doi:10.11871/jfdc.issn.2096-742X.2024.01.012

数据与计算发展前沿 ›› 2024, Vol. 6 ›› Issue (1): 125-135.

CSTR: 32002.14.jfdc.CN10-1649/TP.2024.01.012

doi: 10.11871/jfdc.issn.2096-742X.2024.01.012

网络安全挂图作战实践

胡威¹(),张海霞^2,^*(),夏昂¹,魏家辉¹,连一峰²

1.国家电网有限公司信息通信分公司，北京 100761
2.中国科学院软件研究所，可信计算与信息保障实验室，北京 100190

收稿日期:2022-12-02 出版日期:2024-02-20 发布日期:2024-02-21
通讯作者: * 张海霞（E-mail: haixia@iscas.ac.cn）
作者简介:胡威，国家电网有限公司信息通信分公司网络安全监控中心，主任，长期从事网络信息安全态势感知与实时监控分析，主要研究方向为网络信息安全、态势感知。
本文负责制定论文框架，撰写“技术架构”“小结”部分，负责论文修改、审定。
HU Wei, director of Network Security Monitoring Center of Information and Communication Branch of State Grid Corporation of China, has been engaged in network information security situation awareness and real-time monitoring analysis for a long time. His main research direction is networks information security and situation awareness.
In this paper, he is responsible for formulating the paper framework, writing “Technical Architecture” and “Summary”, and revising and approving the paper.
E-mail: huw2022@126.com|张海霞，中国科学院软件研究所，高级工程师，博士，长期从事网络及信息安全技术研究、规划设计与工程建设工作，主要研究方向包括信息安全测评技术、等级保护关键技术、网络安全监测预警技术等，先后承担国家863计划、国家发改委、公安部、国家测评中心、认证中心等国家级、部委级重要科技项目20余项，在核心学术期刊发表多篇论文，申请多项国家发明专利。
本文中负责网络安全挂图作战关键技术研究，负责撰写“关键技术”“网络安全挂图作战应用”部分。
ZHANG Haixia, Ph.D., is a senior engineer at Institute of Software, Chinese Academy of Sciences. She has long been engaged in cyber and information security technology research, planning, design and engineering construction. Her key research directions include information security evaluation technology, classified protection key technology, network security monitoring, and Pre-warning Technology, etc. She has successively undertaken the National 863 program, and more than 20 other national and ministerial level important science and technology projects from the national development and Reform Commission, Ministry of public security, and national evaluation center Certification Center. She has published many papers in core academic journals and applied for a number of national invention patents.
In this paper, she is responsible for the research on key technologies of cyberspace security map warfare， and for writing “key technologies” and “application of cyberspace security map warfare”.
E-mail: haixia@iscas.ac.cn
基金资助:
国家电网科技项目“面向挂图作战的可视化网络安全对抗关键技术研究”(529939220002);国家重点研发计划课题“基于网络空间地理图谱的网络安全行为智能认知技术研究”(2020YFB1806504)

Practice of Cyberspace Security Map

HU Wei¹(),ZHANG Haixia^2,^*(),XIA Ang¹,WEI Jiahui¹,LIAN Yifeng²

1. State Grid Information & Telecommunication Branch, Beijing 100761, China
2. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

Received:2022-12-02 Online:2024-02-20 Published:2024-02-21

摘要/Abstract

摘要：

【目的】随着当前网络空间与物理空间和社会空间逐步融合的趋势，重要行业部门在网络安全保护工作中积累了大量的网络安全数据，数据和业务驱动的网络安全挂图作战对掌握资产底数、改善数据治理成效、提升网络安全保护效能具有非常明显的作用，可全方位支撑网络安全保护和保障工作。【方法】本文以重要行业开展网络安全挂图作战能力建设为驱动，提出了包含要素抽取层、图谱设计层和智能认知层在内的整体技术架构，包括针对威胁情报信息的实体/关系抽取技术、针对网络资产的自动测绘技术、网络行为监测与建模技术、智能挖掘推理技术以及可视化表达技术等关键技术方法，并在电力行业某部门进行了实践应用。【结果】该技术框架可用于构建面向网络安全保护业务的网络空间地理图谱，支撑全方位、跨空间的网络安全监测发现、态势感知、事件处置和应急响应实战。【结论】基于网络安全地理图谱的挂图作战应用具有很好的应用价值和推广前景，能够直观展示跨空间的数据、要素和业务关系，但仍需要探索业务实战领域的新方法和新模型，以提升网络安全挂图的实战效能。

关键词: 网络空间安全, 网络安全挂图, 知识图谱, 资产测绘技术

Abstract:

[Objective] In the current trend of gradual integration of cyberspace, physical space, and social space, important industry departments have accumulated a large amount of network security data in network security protection. Cyberspace security map warfare driven by Data and Business plays a very significant role in grasping the base number of assets, improving the effectiveness of data governance, and enhancing the effectiveness of network security protection, and can support network security protection and security work in an omni-directional way. [Methods] Driven by the construction of cyberspace security map warfare capability in important industries, this paper proposes an overall technical framework including an element extraction layer, a map design layer, and an intelligent cognitive layer, including entity/relationship extraction technology for threat intelligence information, automatic mapping technology for network assets, network behavior monitoring and modeling technology, intelligent mining and reasoning technology, visual expression technology and other key technical methods. It has been applied at a certain department of the electric power industry. [Results] The technical framework can be used to build a cyberspace geographic map for network security protection services, and support an omni-directional, cross-space network security monitoring and discovery, situation awareness, event handling, and emergency response. [Conclusions] The application of the cyberspace security map based on the network security geographic map has good application value and promotion prospects, and can intuitively display cross-space data, elements, and business relationships. However, it is still necessary to explore new methods and models in the field of business practice to improve the actual combat effectiveness of the cyberspace security map.

Key words: cyberspace security, cyberspace security map, knowledge graph, surveying and mapping technology for cyberspace asset

胡威, 张海霞, 夏昂, 魏家辉, 连一峰. 网络安全挂图作战实践[J]. 数据与计算发展前沿, 2024, 6(1): 125-135.

HU Wei, ZHANG Haixia, XIA Ang, WEI Jiahui, LIAN Yifeng. Practice of Cyberspace Security Map[J]. Frontiers of Data and Computing, 2024, 6(1): 125-135, https://cstr.cn/32002.14.jfdc.CN10-1649/TP.2024.01.012.

图/表 3

参考文献 22

[1]	冯登国, 连一峰. 网络空间安全面临的挑战与对策[J]. 中国科学院院刊, 2021, 36(10): 1239-1245.
[2]	郭启全, 高春东, 郝蒙蒙, 等. 发展网络空间可视化技术支撑网络安全综合防控体系建设[J]. 中国科学院院刊, 2020, 35(7): 917-924.
[3]	高春东, 郭启全, 江东, 等. 网络空间地理学的理论基础与技术路径[J]. 地理学报, 2019, 74(9): 1709-1722. doi: 10.11821/dlxb201909001
[4]	贾焰, 亓玉璐, 尚怀军, 等. 一种构建网络安全知识图谱的实用方法[J]. Engineering, 2018, 4(1): 117-133.
[5]	王通, 艾中良, 张先国. 基于深度学习的威胁情报知识图谱构建技术[J]. 计算机与现代化, 2018, 280(12): 25-30.
[6]	PINGLE A, PIPLAI A, MITTAL S, et al. RelExt: Relation Extraction using Deep Learning approaches for Cybersecurity Knowledge Graph Improvement[C/OL]// 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), IEEE, 2020, https://ieeexplore.ieee.org/document/9073093.
[7]	TAN C, SUN F, KONG T, et al. A survey on deep transfer learning[C]// International conference on artificial neural networks. Springer, Cham, 2018: 270-279. https://arxiv.org/abs/1808.01974
[8]	DEVLIN J, CHANG M W, LEE K, et al. Bert: Pre-training of deep bidirectional transformers for language understanding[J]. arXiv preprint arXiv:1810.04805, 2018. https://arxiv.org/pdf/1810.04805.pdf
[9]	黄克振. 网络安全威胁感知关键技术研究[D]. 北京: 中国科学院大学, 2021.
[10]	GUNES M H, SARAC K. Resolving IP aliases in building traceroute-based Intemet maps[J]. IEEE/ACM Transactions on Networking(TON), 2009, 17(6): 1738-1751.
[11]	MARCHETTA P'PERSICO V PESCAPIE A. Pythia: yet another active probing technique for alias resolution[C]// The 9th ACM Conference on Emerging Networking Experiments and Technologies, 2013:229-234.
[12]	SHAVITr Y’ZILBERMAN N. Geographical intemet PoP level maps[C]// The International Conference on Traffic Monitoring&Analysis, 2012: 121-124.
[13]	SHAVITT Y’ZILBERMAN N. Improving 1P geolocation by crawling the Intemet PoP level graph[C]// The Conference on WIP Networking, 2013: 1-9.
[14]	CHENG Z, BESHLEY M, BESHLEY H, et al. Development of Deep Packet Inspection System for Network Traffic Analysis and Intrusion Detection[C]. IEEE, 2020: 877-881.
[15]	PAEK Y. Hawkware: network intrusion detection based on behavior analysis with ANNs on an IoT device[C]// 2020 57th ACM/IEEE Design Automation Conference (DAC), ACM, 2020: 1-6.
[16]	李序, 连一峰, 张海霞, 等. 网络安全知识图谱关键技术[J]. 数据与计算发展前沿, 2021, 3(3): 9-18.
[17]	QI Y, JIANG R, JIA Y, et al. Association Analysis Algorithm Based on Knowledge Graph for SPACE-Ground Integrated Network[C]// 2018 IEEE 18th International Conference on Communication Technology (ICCT), IEEE, 2018: 222-226.
[18]	陶源, 黄涛, 李末岩, 等. 基于知识图谱驱动的网络安全等级保护日志审计分析模型研究[J]. 信息网络安全, 2020, 20(1): 46-51.
[19]	HUANG Z, WEI X, KAI Y. Bidirectional LSTM-CRF Models for Sequence Tagging[J]. IEEE Intelligent Systems, 2017, 32(6): 74-80.
[20]	HOUSSEM G, ABDELAZIZ B, JANNIK L. LSTM recurrent neural networks for cybersecurity named entity recognition[C]. The Thirteenth International Conference on Software Engineering Advances, 2018: 1-6.
[21]	黄克振, 连一峰, 冯登国, 等. 一种基于图模型的网络攻击溯源方法[J]. 软件学报, 2022, 33(2): 683-698.
[22]	郭启全, 张海霞. 关键信息基础设施安全保护技术体系[J]. 信息网络安全, 2020 (11): 1-9.

网络安全挂图作战实践

Practice of Cyberspace Security Map

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 22

相关文章 11

编辑推荐

Metrics

本文评价

[1]	张博尧, 曹荣强, 万萌, 孙境棋, 王彦棡, 王珏, 赵永华. 垂直领域知识图谱构建及应用平台的设计与实现[J]. 数据与计算发展前沿, 2023, 5(3): 111-122.
[2]	张晓帆, 孙海春, 李欣. 融合多层注意力机制与BiLSTM的知识图谱补全算法研究[J]. 数据与计算发展前沿, 2023, 5(3): 123-137.
[3]	许淞源,李成赞,刘峰. 基于知识图谱和主题模型的短文本特征增强方法[J]. 数据与计算发展前沿, 2023, 5(2): 97-105.
[4]	罗婕溪,刘帅,张玉志,李正丹,孙羽菲,张圣林. 基于知识图谱技术的线上教学资源推荐系统设计与实现[J]. 数据与计算发展前沿, 2022, 4(3): 3-18.
[5]	兰格,王瑾瑜,孙羽菲,张玉志. 基于知识图谱的图匹配文本分类[J]. 数据与计算发展前沿, 2022, 4(2): 39-49.
[6]	陶磊,苏晨阳,李正丹,朱静雯,张玉志. 基于ElasticSearch和语义相似度匹配的教学资源搜索策略[J]. 数据与计算发展前沿, 2022, 4(2): 50-62.
[7]	胡正银,刘蕾蕾,陈文杰,刘春江,钱力,宋亦兵. 面向科学知识发现的造血干细胞知识图谱构建研究[J]. 数据与计算发展前沿, 2021, 3(6): 81-97.
[8]	李序,连一峰,张海霞,黄克振. 网络安全知识图谱关键技术[J]. 数据与计算发展前沿, 2021, 3(3): 9-18.
[9]	刘佳,夏晓蕾,王姝,王丽娟,郭志斌,胡良霖,周园春. 科技资源标识服务系统及创新应用[J]. 数据与计算发展前沿, 2020, 2(6): 62-73.
[10]	孙艳艳,毛卫南,毛宇斐,吴海博. 基于区域科技资源服务平台的虚拟创新生态系统构建研究[J]. 数据与计算发展前沿, 2020, 2(5): 30-40.
[11]	周园春,常青玲,杜一. SKS：一种科技领域大数据知识图谱平台 ^*[J]. 数据与计算发展前沿, 2019, 1(1): 82-93.