Funding: This work is funded by the National Natural Science Foundation of China under Grant U1636215 and the National key research and development plan under Grant Nos. 2018YFB0803504, 2016YFB0800303.
Abstract: Network Security Situation Awareness System YHSAS acquires, understands and displays the security factors which cause changes of network situation, and predicts the future development trend of these security factors. YHSAS is developed for national backbone networks, large network operators, large enterprises and other large-scale networks. This paper describes its architecture and key technologies: Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis; Knowledge Representation and Management of Super Large-Scale Network Security; Multi-Level, Multi-Granularity and Multi-Dimensional Network Security Index Construction Method; Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology; and so on. The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction. The system meets the demands of analysis and prediction for large-scale network security situation.
Funding: National Natural Science Foundation of China (No. 61772478)
Abstract: The real-time performance of network security situation awareness (NSSA) is always affected by the state explosion problem. To solve this problem, a new NSSA method based on layered attack graph (LAG) is proposed. Firstly, the network is divided into several logical subnets by a community discovery algorithm. The logical subnets and the connections between them constitute the logical network. Then, based on the original and logical networks, the selection of attack paths is optimized according to the monotonic principle of attack behavior. The proposed method can sharply reduce the attack path scale and hence tackle the state explosion problem in NSSA. The experimental results show that the generation of attack paths by this method consumes 0.029 s while the counterparts by other methods are more than 56 s. Meanwhile, this method can give the same security strategy as other methods.
Funding: Supported by the Innovation and innovation project of State Grid Qinghai Electric Power Company "Development and application of the Reactive Power Compensation Intelligent Control Device based on Automatic Synchronous Control" (No. B7280723E028).
Abstract: It may be difficult for existing methods to make full use of the correlation and complementarity of various kinds of information when processing multi-source information. In order to accurately perceive the security situation of distribution automation and ensure the safe and stable operation of the distribution network, the multi-source information fusion distribution automation security situation awareness technology based on risk transmission path is studied. Based on the risk transmission path, the distribution automation security situational awareness factors are analyzed, and the main factors affecting the distribution automation security situation are divided into two dimensions, internal source and external source, and eight main awareness factors. Different types of sensors are set in the main areas of security situational awareness factors to collect data of different awareness factors. Using the ant colony algorithm to optimize the DS evidence fusion method, data with different perception factors are fused, and data fusion results with different perception factors are obtained. The distribution automation security situational awareness model is constructed, and the security situational awareness results are obtained based on the data fusion results of the awareness factors. If the results are higher than the set threshold, the abnormal signal can be output to determine the area where the distribution automation abnormal equipment is located. The experimental results show that the multi-source data fusion effect of this method is good, and it can accurately perceive the security status of different nodes of the experimental object at different time nodes.