CN107332698A - Security situation awareness system and method for a Ming Great Wall intelligent perception system - Google Patents


Info

Publication number
CN107332698A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710464725.XA
Other languages
Chinese (zh)
Inventor
高岭
杨旭东
孙骞
张晓�
王海
郑杰
高全力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northwest University
Original Assignee
Northwest University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northwest University
Priority to CN201710464725.XA
Publication of CN107332698A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/10 Geometric CAD
    • G06F30/13 Architectural design, e.g. computer-aided architectural design [CAAD] related to design of buildings, bridges, landscapes, production plants or roads
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/30 Circuit design
    • G06F30/36 Circuit design at the analogue level
    • G06F30/367 Design verification, e.g. using simulation, simulation program with integrated circuit emphasis [SPICE], direct methods or relaxation methods
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0876 Aspects of the degree of configuration automation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information


Abstract

A security situation awareness system and method for the Ming Great Wall intelligent perception system. The system comprises a situation data acquisition module, a situation awareness module, an alarm module and a situation display module. It provides situation data acquisition, system operation situation awareness, system security situation awareness, system comprehensive situation awareness, system threat alarm and early warning, operation situation display, security situation display and comprehensive situation display. The security situation awareness system of the invention supports the application model of the Ming Great Wall intelligent perception system platform. It addresses the concerns of system operators and users about information system security, ensures safe and stable system operation, improves the system's support capability, and prevents the problem that the Ming Great Wall ruins cannot be protected efficiently and in real time when a system operation failure occurs.

Description

Security situation awareness system and method for a Ming Great Wall intelligent perception system
Technical field
The invention belongs to the technical field of system security, and in particular relates to a security situation awareness system and awareness method for the Ming Great Wall intelligent perception system.
Background art
With the popularization and development of the internet, internet applications have entered countless households and constantly affect people's life, work and study. Meanwhile, network attacks are increasingly frequent, attack methods are diversifying and their destructive capability keeps growing; network security has become an important factor affecting socio-economic development and national macro-strategic planning, and a focus of worldwide attention. However, current network security protection relies mainly on single-point security devices such as virus detection, intrusion detection and firewalls; because these lack effective cooperation with one another, the various security devices cannot deliver their full effect. Whether the network security problem can be fundamentally solved has become a major issue for the development of the internet and of all kinds of scientific research systems.
The Great Wall perception monitoring system is a large-scale research application platform, based on large-scale heterogeneous internet technology, that monitors the preservation status of the Ming Great Wall ruins in northern Shaanxi in real time and gives early warning of risks. As a heterogeneous internet cultural-relic monitoring system deployed at large scale in the field, it has to cope with complex field weather conditions; as an indispensable part of the normal running of the research work, whether it operates normally bears on the success of that work. Given the importance of the Great Wall perception monitoring system to the research, if the operations and maintenance personnel of the information system can keep track at all times of its availability and stability, discover faults promptly, locate them accurately and even predict them, they can more fully guarantee and improve the running quality of the system and ensure that the research proceeds normally. Because the system is interconnected over the network, its safe operation is also constantly threatened by network attacks; ensuring the safe operation of the Great Wall perception monitoring research application platform has become an important part of carrying out the research work normally.
Summary of the invention
In order to overcome the above deficiencies of the prior art, the object of the invention is to provide a security situation awareness system and awareness method for the Ming Great Wall intelligent perception system, to solve the lack of efficient problem-handling capability in ensuring the safe operation of the Great Wall perception monitoring system, and thereby to ensure that scientific research activities proceed normally.
To achieve this object, the technical solution adopted by the invention is:
A security situation awareness system for the Ming Great Wall intelligent perception system, comprising a system operation data acquisition and processing subsystem, a system situation assessment subsystem, a system threat assessment alarm and early warning subsystem, and a system running situation display and analysis subsystem;
The system operation data acquisition and processing subsystem consists of a field monitoring device data acquisition unit, a field monitoring device image data acquisition unit, a network security data acquisition unit, a network operation data acquisition unit, a data transmission unit, a data classification processing unit and a data pre-processing unit;
The system situation assessment subsystem comprises a system operation situation awareness unit, a system network security situation awareness unit, a system comprehensive situation awareness unit and a system situation prediction unit;
The system threat assessment alarm and early warning subsystem comprises a system alarm unit and an early warning unit;
The system running situation display and analysis subsystem comprises a historical situation display unit, a real-time situation display unit, a predicted situation display unit, an automatic situation analysis unit and an intelligent scheme recommendation unit.
The data acquisition unit consists of the field monitoring device data acquisition unit and the field monitoring device image data acquisition unit. Field monitoring device data acquisition uses a microprocessor to integrate sensor data: the data of the multiple system operation monitoring sensors connected to the same microprocessor are integrated. For important equipment in key monitoring areas, real-time images of the equipment are captured as video images, and the running condition data of the monitored equipment are collected using image processing techniques. The data transmission unit, to cope with complex field weather conditions, uses mobile communication and BeiDou satellite transmission as mutual backups to guarantee data transmission, increasing the reliability and timeliness of the data transmitted by the field perception system. The data classification processing unit provides data classification and storage functions, classifying the data transmitted to the data center by its characteristics into operation situation data and security situation data.
The system operation situation awareness unit addresses problems that affect basic system operation: it extracts operation situation data for the selected period, quantitatively assesses the system's operation situation according to the situation assessment index system, and identifies security risks arising during operation that affect normal running. The system network security situation awareness unit: as a key element on the internet, the system faces a large number of network security threats; from the collected security situation data of the network in which the system sits, the unit forms an intuitive, global risk view of the network security threats facing the system. The system comprehensive situation awareness unit forms an overall comprehensive assessment result of the risks, such as network security threats and equipment faults, that affect normal system operation.
The alarm unit grades the security threats facing the system according to the system situation assessment subsystem's assessment of the risks facing the system, into six levels: operation danger, operation high-risk, security danger, security high-risk, comprehensive danger and comprehensive high-risk. The early warning unit divides the system's warning level according to the assessment result of the situation prediction model: common (the system situation does not exceed the threshold), intermediate (one of the system operation situation and the security situation exceeds the threshold), and advanced (the system operation situation and security situation assessment results both exceed the set maximum threshold). According to the alarm levels of the alarm unit and the early warning unit, the system administrator is notified by voice call, SMS, WeChat push or system message.
The historical situation display unit shows graphically the system's historical situation and the processing schemes with which the system dealt with the corresponding security threats. The predicted situation display unit shows the administrator the early-warning assessment results for security threats the system may encounter, and recommends processing schemes through the intelligent scheme recommendation unit. The automatic situation analysis unit analyzes the system's security status by producing situation reports for the past week and the past month, forming textual descriptions of the system situation assessment information, situation early-warning information, alarm information and handling status. The intelligent scheme recommendation unit works as follows: when the system operation risk exceeds the safe operation threshold, it recommends an intelligent processing scheme according to system operation situation feature elements such as operation situation, comprehensive situation, weather and battery level; when the system security risk is relatively large, it recommends an intelligent processing scheme according to the security situation, the comprehensive situation and the features of the system security device data. The recommendation model is built by pre-training a deep learning model on system intelligent schemes and situation feature elements produced in advance by experts; afterwards, training data are continually added from the administrators' processing schemes and features and the intelligent scheme recommendation model is retrained, improving the accuracy of the recommended schemes and the ability to safeguard system operation under complex field conditions.
Statistical charts are used to display system operation data, including the battery level of system sensors, transmission path packet loss rate, fault rate and system function test success rate, and network security data, including the number of vulnerabilities, the proportion of vulnerabilities at each level, the number of attacks suffered and the proportion of each attack type. A tree diagram shows the real-time changes in the data of the situation assessment system. A line chart shows the change of the comprehensive situation, with a pie chart at each node showing the system operation situation and the system security situation, and different colours showing the alarm grading of the situation, so that the system administrator can see changes in the system's situation clearly and intuitively. For the physical equipment most important to system security, a physical topology diagram shows in real time the equipment operation and the transmission path operation of the five major representative regions. The historical situation is displayed together with the processing schemes, which improves the efficiency with which the system administrator handles problems by providing the processing schemes of similar problems and giving reasonable suggestions. System situation analysis generates a situation analysis report for a fixed period, analysing the data of the situation index system, changes in the system situation, alarm and early-warning conditions and the handling of threats, to give an in-depth analysis of the system's operation.
The situation display uses charts to show the comprehensive situation; in the pie charts, different colours show the influence of the operation situation and the security situation on the comprehensive situation; and the physical topology diagram shows the real-time status of data transmission from the five major representative regions back to the data center, and the running condition of gateways and sensors.
A security situation awareness method for the Ming Great Wall intelligent perception system, comprising building the system function modules and building the system services, with the following steps:
A. Building the system function modules:
1) Obtain system situation data: collect the data of the different sensors in the system and transmit them back to the data center over the BeiDou satellite communication system and mobile communication signals, where they are classified and stored; this comprises three steps: sensor data acquisition, data transmission, and classification and storage at the data center. Set up the system operation data acquisition and processing subsystem, whose core functions should include a data acquisition function, a data transmission function and a data processing function;
1. Data acquisition function: collect, for the five major representative regions of the Ming Great Wall intelligent perception system, the monitoring data of the Great Wall body sensors, the monitoring data of sensor and gateway operation, transmission network monitoring data, threat and vulnerability data, asset data, and system function monitoring data; the data of each representative region are integrated by that region's microprocessor and forwarded through the gateway;
The method of collecting system function monitoring data comprises the following steps:
a. Test script recording:
The test scripts for the system functions are recorded with automated system testing software; the script execution time and number of executions are set in the software, and the software is set to start automatically at boot, ensuring that the test functions are executed;
b. Test execution:
The main functions of each page in the system's four major business modules are tested three times a day, and basic functions are tested once a day; the test results are stored in the test database. The fields of the test database include: test module name, test module importance, testing time, test result;
c. Test result quantification:
Weights are assigned to each of the four major functions of the Ming Great Wall situation awareness system; the pages within each function are then divided into display functions and basic system business functions, which are assigned weights of 0.4 and 0.6 respectively; finally, from the test result of each system function (1 is returned on success, 0 on failure), the daily and monthly test results are calculated: daily test quantized result = four major function weight × page function classification × test result × testing time; weekly test quantized result = sum of the daily test quantized results in the week / 7. The final quantized test result W(t) is expressed by the following formula:
In the formula, W(t) is the functional test result within the selected period; t is the chosen time granularity, which may be day, week or month; w(1) is the weight of the system's main business function; w(w) is the page function classification; vi is the i-th test result; and time is the length of the selected period in days, for example time equals 7 for one week of seven days;
2. Data transmission function: to ensure reliable data transmission under complex field weather conditions, the gateway transmits over mobile communication and the BeiDou satellite communication system, returning the Great Wall body monitoring data (including the monitoring data of the soil temperature and humidity sensors and salinity sensors deployed on the Ming Great Wall ruins, and the operating data of the precipitation sensors) to the data center. The monitoring data of gateway operation include packet loss during gateway transmission and operation information. System threat and vulnerability data and asset data include the monitoring data on the system servers from security software such as traditional intrusion detection systems and vulnerability scanning systems. The system function monitoring data, that is, the quantified results of the automated test scripts, are transmitted back to the data center over the wired internet;
3. Data processing function: perform statistical analysis on the collected raw situation data, remove duplicate, erroneous and invalid records, and form operation situation data and security situation data in unified formats. The operation situation data format includes: acquisition time, data length, data source device code, data content; these data are stored in the operation situation database. The security situation data format includes: acquisition time, data length, security data source category, data source device code, data content; these data are stored in the security situation database;
4. Classify the collected situation data and store them in the databases of the data center: the Great Wall body sensor monitoring data, the monitoring data of sensor and gateway operation, the transmission network monitoring data and the system function monitoring data are classified as operation situation data; system threat and vulnerability data and asset data are classified as security situation data; each class is stored in the corresponding database;
2) System situation knowledge acquisition: using the situation data at the data center, carry out real-time risk assessment and situation prediction, in two steps: risk assessment and situation prediction. Set up the system situation assessment subsystem: according to the operating characteristics of the Ming Great Wall situation awareness system, a three-level index system is formed. The first-level indexes include: operation security situation, network security situation. The second-level indexes include: system basic operation index, system threat index, system vulnerability index. The third-level indexes include: basic equipment operation safety index, data transmission safe operation index, system function operation safety index; service equipment operation safety index, network security operation safety index. Operation situation assessment uses the data of the basic equipment operation safety index, the data transmission safe operation index and the system function operation safety index as the input of its evaluation model; security situation assessment uses the service equipment operation safety index and the network security operation safety index as the input of the intelligent model. Quantifying level by level from the bottom up gives the overall situation assessment result of the system. The index quantification formulas are defined as follows. Level-3 situation index quantification formula:
Level-2 situation index quantification formula:
Level-1 situation index quantification formula:
In the formulas, E3i(t) is the quantized value of the third-level situation index at a given moment, where Aj is the value of index j at time t, g(Aj(t)) is the normalized value of Aj at time t, and w3j is the weight of index j, given by expert experience; the second-level index E2i(t) is obtained as the weighted sum of the third-level indexes, where w2j is the weight of the corresponding second-level index; the first-level index E1i(t) is obtained in the same way as the weighted sum of the second-level indexes; the final quantification gives the situation assessment result of the system;
For the selected period, the operation situation assessment function calculates the operation situation assessment result from the collected operation situation data according to the operation situation evaluation index system, reflecting the running condition of the system over that period; similarly, the system security situation awareness unit calculates the security situation assessment result from the collected operation situation data according to the security situation evaluation index system; comprehensive situation assessment feeds the results of the operation situation evaluation indexes and the security situation evaluation indexes into a pre-built intelligent evaluation model to obtain the comprehensive situation assessment result; system situation prediction predicts the situation result of the following week from the operation situation, security situation and comprehensive situation of the preceding three weeks;
3) Multi-view visual display of the system situation, and threat identification and handling: the results of the assessment and analysis in the previous step are shown in several different view forms; alarms are raised on the situation assessment results, threat early warnings are issued on the situation prediction results, and intelligent processing schemes are recommended. This includes multi-view visualization of the system situation, threat identification and alarm, and intelligent recommendation of processing schemes. Set up the system threat assessment alarm and early warning subsystem, whose core functions should include threat alarm and threat early warning. A real-time alarm mechanism is set on the situation value of the current period calculated by the system situation assessment subsystem: using thresholds given by experts, the risk situation of the system is graded in real time into six levels: operation danger, operation high-risk, security danger, security high-risk, comprehensive danger and comprehensive high-risk, where operation danger and operation high-risk, and security danger and security high-risk, indicate respectively that a security threat to system operation has been detected and that the system's network security is threatened. Early warning is graded on the following week's situation values calculated by the system situation assessment subsystem: with thresholds set from expert experience, early warning is divided into common operation (the system situation does not exceed the threshold), intermediate risk (one of the system operation situation and the security situation exceeds the threshold) and advanced risk (the system operation situation and security situation assessment results both exceed the set maximum threshold), providing guidance and help for the system administrator's maintenance work. According to the grading of early warnings and alarms, security threats to system operation are reported promptly: the administrator is notified of the threat situation by system message, SMS, voice call and WeChat push message;
4) Set up the system running situation display and analysis subsystem, whose core functions should include the following. Statistical charts are used to display system operation data, including the battery level of system sensors, transmission path packet loss rate, fault rate and system function test success rate, and network security data, including the number of vulnerabilities, the proportion of vulnerabilities at each level, the number of attacks suffered and the proportion of each attack type. A tree diagram shows the real-time changes in the data of the situation assessment system. A line chart shows the change of the comprehensive situation, with a pie chart at each node showing the system operation situation and the system security situation, and different colours showing the alarm grading of the situation, so that the system administrator can see changes in the system's situation clearly and intuitively. For the physical equipment most important to system security, a physical topology diagram shows in real time the equipment operation and the transmission path operation of the five major representative regions. The historical situation is displayed together with the processing schemes, which improves the efficiency with which the system administrator handles problems by providing the processing schemes of similar problems and giving reasonable suggestions. System situation analysis generates a situation analysis report for a fixed period, analysing the data of the situation index system, changes in the system situation, alarm and early-warning conditions and the handling of threats, to give an in-depth analysis of the system's operation;
B. Building the services the system provides:
1) Data acquisition and transmission service: provides data acquisition and transmission for the Ming Great Wall field monitoring equipment, collecting multi-dimensional data and transmitting the data in integrated form, which improves the capacity to acquire system data and ensures reliability and timeliness in data transmission;
2) Data processing and storage service: for the high-dimensional, heterogeneous mass data of the Ming Great Wall situation awareness system, provides data pre-processing and classified storage, and sets up an efficient data storage system, improving the availability and validity of the data and ensuring data integrity and authenticity;
3) System situation assessment and situation prediction service: analyzes the data of Ming Great Wall situation awareness, quantifies the system situation with the established situation assessment index system, and assesses the system situation from multiple dimensions and angles, revealing the real security risks and improving the system's ability to respond to risk; major security risks are also predicted;
4) System threat identification and alarm service: identifies the threats the system currently faces, and gives early warning of the risks it is about to face, safeguarding the safe operation of the system;
5) System operation situation graphical display and situation analysis service: displays the overall state of the system so that the system administrator has a comprehensive grasp of its operation; the risk assessment status and the running condition of the system are shown intuitively in graphical form, giving administrators effective guidance in identifying threats and handling risks;
6) Intelligent processing scheme recommendation service: for the results of the system risk assessment, recommended processing schemes are generated automatically using artificial intelligence methods, and new data are continually added to the training of the recommendation model, so that accurate and efficient processing schemes are recommended.
The Ming Great Wall body monitoring data include the monitoring data of the soil humidity sensors and salinity sensors deployed on the Ming Great Wall ruins and the operating data of the precipitation sensors; the monitoring data of gateway operation include the gateway's packet loss and operation information; the transmission network monitoring data include packet loss and communication condition monitoring data for the transmission networks (mobile network, BeiDou satellite network, wired network); system threat and vulnerability data and asset data include the monitoring data on the system servers from security software such as traditional intrusion detection systems and vulnerability scanning systems; the system function monitoring data are the quantified results of the automated test scripts.
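The bottom-up index quantification and early-warning grading described in the method above can be illustrated in Python; this is an added example, not code from the patent. It assumes min-max scaling for the normalization g, a constructed grouping of metrics under the named indexes, and constructed weights and thresholds; a case where thresholds are exceeded but not both maximum thresholds is treated as intermediate.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Index:
    """One node of the index tree; leaves carry a measured value A_j(t)."""
    name: str
    weight: float                        # expert-assigned weight within its parent
    children: List["Index"] = field(default_factory=list)
    raw: Optional[float] = None          # leaf only: raw measurement A_j(t)
    lo: float = 0.0                      # leaf only: value mapped to 0 (no risk)
    hi: float = 1.0                      # leaf only: value mapped to 1 (worst case)


def normalize(raw: float, lo: float, hi: float) -> float:
    """g(A_j(t)): min-max scaling clamped to [0, 1] (assumed; the page does not define g)."""
    if hi <= lo:
        raise ValueError("hi must be greater than lo")
    return min(1.0, max(0.0, (raw - lo) / (hi - lo)))


def score(node: Index) -> float:
    """Weighted sum computed bottom-up: metrics -> level 3 -> level 2 -> level 1."""
    if not node.children:
        if node.raw is None:
            raise ValueError(f"leaf index {node.name!r} has no measurement")
        return normalize(node.raw, node.lo, node.hi)
    total = sum(c.weight for c in node.children)
    if abs(total - 1.0) > 1e-9:
        # Weights that do not sum to 1 would silently rescale the parent score.
        raise ValueError(f"weights under {node.name!r} sum to {total}, expected 1")
    return sum(c.weight * score(c) for c in node.children)


def early_warning(operation: float, security: float,
                  threshold: float, max_threshold: float) -> str:
    """Grade the predicted situation values into the three early-warning levels."""
    if operation > max_threshold and security > max_threshold:
        return "advanced"        # both results above the set maximum threshold
    if operation > threshold or security > threshold:
        return "intermediate"    # at least one situation above the threshold
    return "common"              # nothing above the threshold


# Constructed sample tree: metric names, groupings, weights and values are illustrative.
OPERATION = Index("operation security situation", 1.0, [
    Index("system basic operation index", 1.0, [
        Index("basic equipment operation safety", 0.3,
              [Index("sensor fault rate", 1.0, raw=0.2)]),
        Index("data transmission safe operation", 0.3,
              [Index("path packet loss rate", 1.0, raw=0.4)]),
        Index("system function operation safety", 0.4,
              [Index("function test failure rate", 1.0, raw=0.5)]),
    ]),
])

SECURITY = Index("network security situation", 1.0, [
    Index("system threat index", 0.5, [
        Index("network security operation safety", 1.0,
              [Index("attacks per day", 1.0, raw=30, lo=0, hi=100)]),
    ]),
    Index("system vulnerability index", 0.5, [
        Index("service equipment operation safety", 1.0,
              [Index("open high-level vulnerabilities", 1.0, raw=9, lo=0, hi=10)]),
    ]),
])


def assess(threshold: float = 0.5, max_threshold: float = 0.8):
    """Return (operation score, security score, early-warning level) for the sample tree."""
    op, sec = score(OPERATION), score(SECURITY)
    return op, sec, early_warning(op, sec, threshold, max_threshold)


if __name__ == "__main__":
    op, sec, level = assess()
    print(f"operation={op:.2f} security={sec:.2f} early warning={level}")
```
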
The beneficial effects of the invention are as follows:
Operation and maintenance (O&M) support for the current Great Wall perception system relies mostly on manual work and simple operation monitoring systems, which suffer from low efficiency, high manual maintenance cost and slow discovery of problems. The present invention greatly reduces the time spent on manual maintenance and, given the importance of protecting ancient sites, gives advance warning of risks present in system operation; it uses artificial intelligence technology to recommend handling schemes intelligently, which greatly improves the system's O&M support capability and effectively reduces its maintenance cost.
Brief description of the drawings
Fig. 1 is the system framework diagram of the invention.
Fig. 2 is the system security monitoring hierarchical model of the invention.
Embodiment:
The present invention is further described below with reference to the accompanying drawings.
As shown in Fig. 1, a security situation awareness system for the Ming Great Wall intelligent perception system comprises a system operation data acquisition and processing subsystem, a system situation assessment subsystem, a system threat assessment alarm and early-warning subsystem, and a system operation situation display and analysis subsystem;
The system operation data acquisition and processing subsystem consists of a field monitoring device data acquisition unit, a field monitoring device image data acquisition unit, a network security data acquisition unit, a network operation data acquisition unit, a data transmission unit, a data classification processing unit and a data preprocessing unit;
The system situation assessment subsystem includes a system operation situation awareness unit, a system network security situation awareness unit, a system comprehensive situation awareness unit and a system situation prediction unit;
The system threat assessment alarm and early-warning subsystem includes a system alarm unit and an early-warning unit;
The system operation situation display and analysis subsystem includes a history situation display unit, a real-time situation display unit, a predicted situation display unit, an automatic situation analysis unit and an intelligent scheme recommendation unit.
The data acquisition unit consists of the field monitoring device data acquisition unit and the field monitoring device image data acquisition unit; field monitoring device data acquisition uses a microprocessor to integrate sensor data, combining the data of the multiple system operation monitoring sensors connected to the same microprocessor; for important equipment in key monitoring areas, real-time images of the equipment are captured as video images, and the operating status data of the monitored equipment are collected using image processing techniques; the data transmission unit, in view of the complex field conditions, guarantees data transmission using mobile communication and BeiDou satellite transmission, which back each other up and increase the reliability and timeliness of the data transmitted by the field perception system; the data classification processing unit provides data classification and storage functions, classifying the data sent to the data center, according to its characteristics, into operation situation data and security situation data.
The system operation situation awareness unit addresses problems that affect the basic operation of the system: for a selected time period it extracts the operation situation data, quantitatively assesses the system's operation situation according to the situation assessment index system, and identifies security risks arising during operation that affect normal running; the system network security situation awareness unit: as a key element on the Internet, the system faces a large number of network security threats, so this unit collects the security situation data of the network in which the system resides and forms an intuitive, global display of the network security threat risks the system faces; the system comprehensive situation awareness unit forms an overall comprehensive risk assessment result covering the network security threats, equipment failures and other problems that affect the normal operation of the system.
The alarm unit grades the security threats the system faces according to the assessment results that the system situation assessment subsystem produces for the risks facing the system, dividing them into six levels: operation danger, operation high-risk, security danger, security high-risk, comprehensive danger and comprehensive high-risk; the early-warning unit divides the system's early-warning level according to the assessment results of the situation prediction model into ordinary (the system situation does not exceed the threshold), intermediate (one of the system operation situation and the security situation exceeds the threshold) and advanced (the system operation situation and security situation assessment results both exceed the set maximum threshold); according to the level reported by the alarm unit and the early-warning unit, the system administrator is notified by voice call, SMS, WeChat push or system message.
The history situation display unit graphically displays the system's historical situation together with the handling schemes the system used against the corresponding security threats; the predicted situation display unit shows the administrator the early-warning assessment results for security threats the system may encounter, and recommends handling schemes through the intelligent scheme recommendation unit; the automatic situation analysis unit analyzes the system's security status by producing situation reports for the past week and the past month, generating textual descriptions of the system situation assessment information, situation early-warning information, alarm information and handling status; the intelligent scheme recommendation unit works as follows: when the system operation risk exceeds the safe-operation threshold, it recommends an intelligent handling scheme according to system operation situation features such as the operation situation, comprehensive situation, weather and battery level; when the system security risk is relatively high, it recommends an intelligent handling scheme according to the security situation, the comprehensive situation and the data features of the system's security devices; the recommendation model is built by pre-training a deep learning model on intelligent schemes and situation features generated in advance by experts; the training data are then continuously extended with the administrators' handling schemes and their features and the recommendation model is retrained repeatedly, which improves the accuracy of the recommended schemes and the ability to keep the system running under complex field conditions.
Statistical charts are used to display the system operating data, including sensor battery level, transmission path packet loss rate, fault rate and system function test success rate, and the network security data, including the number of vulnerabilities, the proportion of vulnerabilities at each severity level, the number of attacks received and the proportion of each attack type; a tree diagram shows the real-time changes in the data of the situation assessment index system; a line chart shows the change in the comprehensive situation, with a pie chart at each node showing the system operation situation and the system security situation and with different colours showing the alarm level of the situation, so that the system administrator can see changes in the system's situation clearly and intuitively; the running status of the physical equipment, which matters most to system security, is shown in real time using a physical topology diagram of the machine operation and transmission paths in the five typical areas; the history situation is displayed together with the handling schemes, which improves the efficiency with which the system administrator handles problems by providing handling schemes for similar problems and giving reasonable suggestions; system situation analysis generates situation analysis reports for fixed time periods, analyzing the situation index system data, the changes in the system situation, the alarms and early warnings, and the handling of threats, to give an in-depth analysis of the system's operation.
The situation display shows the comprehensive situation graphically: different colours in a pie chart show the influence of the operation situation and the security situation on the comprehensive situation, and a physical topology diagram shows the real-time status of data transmission from the five typical areas back to the data center and the running status of the gateways and sensors.
As shown in Figs. 1 and 2, a security situation awareness method for the Ming Great Wall intelligent perception system comprises building the system function modules and building the system services, with the following steps:
A, Building the system function modules:
1) Establish the system operation data acquisition and processing subsystem, whose core functions should include a data acquisition function, a data transmission function and a data processing function;
1. Data acquisition function: collects the monitoring data of the Great Wall body sensors in the five typical areas of the Ming Great Wall intelligent perception system, the sensor and gateway operation monitoring data, the transmission network monitoring data, the threat, vulnerability and asset data, and the system function monitoring data; the data of each typical area are integrated on that area's microprocessor and forwarded through the gateway; the method for collecting the system function monitoring data should comprise the following steps:
The method for collecting the system function monitoring data comprises the following steps:
A, Test script recording:
The test scripts for the system functions are recorded with automated system testing software; the time and number of script executions are set in the software, and the software is set to start automatically at boot to ensure that the tests are executed;
B, Test execution:
Tests are run three times a day on the main functions of each page in the system's four major business modules and once a day on basic functions, and the test results are stored in the test database; the fields of the test database include: test module name, test module importance, test time, test result;
C, Test result quantification:
Weights are assigned to each of the four major functions of the Ming Great Wall situation awareness system; the pages within each function are then divided into display functions and system business functions, which are assigned weights of 0.4 and 0.6 respectively; finally, from the test result of each system function (1 is returned on success, 0 on failure), the daily and monthly test results are calculated: daily test quantified result = weight of the four major functions × page function class × test result × number of tests; weekly test quantified result = sum of the daily test quantified results in the week / 7. The final test result quantity W(t) is given by the following formula:
In the formula, W(t) is the functional test result within the selected time period; t is the chosen time granularity, which can be day, week or month; w(1) is the weight of the system's main business function; w(w) is the page function class; vi is the result of the i-th test; and time is the length of the selected period in days, for example time equals 7 for one week of seven days;
2. Data transmission function: to guarantee reliable data transmission under complex field conditions, the gateway transmits over mobile communication and the BeiDou satellite communication system, sending the Great Wall body monitoring data (including the monitoring data of the soil temperature and humidity sensors and salinity sensors deployed on the Ming Great Wall ruins and the operating data of the precipitation sensors) back to the data center; the gateway operation monitoring data include packet loss during gateway transmission and operation information; the system threat, vulnerability and asset data include the data produced by security software such as traditional intrusion detection systems and vulnerability scanning systems monitoring the system servers; the system function monitoring data, that is, the quantified results of the automated test scripts, are transmitted back to the data center over the wired Internet;
3. Data processing function: statistical analysis is performed on the raw situation data collected, removing duplicate, erroneous and invalid records, to form operation situation data and security situation data in unified formats; the operation situation data format includes: acquisition time, data length, data source device code, data content, and is stored in the operation situation database; the security situation data format includes: acquisition time, data length, security data source category, data source device code, data content, and is stored in the security situation database;
4. The collected situation data are classified and stored in the databases of the data center: the Great Wall body sensor monitoring data, the sensor and gateway operation monitoring data, the transmission network monitoring data and the system function monitoring data are classified as operation situation data; the system threat, vulnerability and asset data are classified as security situation data; each class is stored in its corresponding database;
2) Establish the system situation assessment subsystem, forming a three-level index system according to the operating characteristics of the Ming Great Wall situation awareness system. The first-level indices are: operation security situation, network security situation; the second-level indices are: system basic operation index, system threat index, system vulnerability index; the third-level indices are: basic equipment operation safety index, data transmission operation safety index, system function operation safety index; service equipment operation safety index, network security operation safety index. The operation situation assessment takes the basic equipment operation safety index, the data transmission operation safety index and the system function operation safety index as the inputs of its assessment model; the security situation assessment takes the service equipment operation safety index and the network security operation safety index as the inputs of the intelligent model. Quantifying bottom-up, level by level, yields the overall situation assessment result of the system. The index quantification formulas it defines are:
Level-3 situation index quantification formula:
Level-2 situation index quantification formula:
Level-1 situation index quantification formula:
In the formulas, E3i(t) is the quantified value of a third-level situation index at a given moment, where Aj is the value of index j at time t, g(Aj(t)) is the normalized value of Aj at time t, and w3j is the weight of index j, given by expert experience; the second-level index E2i(t) is obtained as the weighted sum of the third-level indices, where w2j is the weight of the corresponding second-level index; the first-level index E1i(t) is obtained in the same way as the weighted sum of the second-level indices; the final quantification yields the situation assessment result of the system;
For the selected time period, the operation situation assessment function computes the operation situation assessment result from the collected operation situation data according to the operation situation assessment index system, reflecting the system's running status over that period; similarly, the system security situation awareness unit computes the security situation assessment result from the collected operation situation data according to the security situation assessment index system; the comprehensive situation assessment feeds the results of the operation situation assessment indices and the security situation assessment indices into a pre-built intelligent assessment model to obtain the comprehensive situation assessment result; system situation prediction predicts the following week's situation result from the operation situation, security situation and comprehensive situation of the preceding three weeks;
3) Establish the system threat assessment alarm and early-warning subsystem, whose core functions should include threat alarm and threat early-warning functions; a real-time alarm mechanism is set up based on the current-period situation value computed by the system situation assessment subsystem; using thresholds given by experts, the real-time system risk is graded into six levels: operation danger, operation high-risk, security danger, security high-risk, comprehensive danger and comprehensive high-risk, where operation danger and operation high-risk indicate a security threat detected in system operation monitoring, and security danger and security high-risk indicate that the system's network security is threatened; early-warning grading is performed on the next week's situation value computed by the system situation assessment subsystem, with thresholds set from expert experience: early warnings are divided into ordinary operation (the system situation does not exceed the threshold), intermediate risk (one of the system operation situation and the security situation exceeds the threshold) and advanced risk (the system operation situation and security situation assessment results both exceed the set maximum threshold), providing guidance and help for the system administrator's maintenance work; security threats to system operation are reported promptly according to the early-warning and alarm grading, and the administrator is promptly notified of the system threat status by system message, SMS, voice call and WeChat push message;
4) Establish the system operation situation display and analysis subsystem, whose core functions should include the following: statistical charts are used to display the system operating data, including sensor battery level, transmission path packet loss rate, fault rate and system function test success rate, and the network security data, including the number of vulnerabilities, the proportion of vulnerabilities at each severity level, the number of attacks received and the proportion of each attack type; a tree diagram shows the real-time changes in the data of the situation assessment index system; a line chart shows the change in the comprehensive situation, with a pie chart at each node showing the system operation situation and the system security situation and with different colours showing the alarm level of the situation, so that the system administrator can see changes in the system's situation clearly and intuitively; the running status of the physical equipment, which matters most to system security, is shown in real time using a physical topology diagram of the machine operation and transmission paths in the five typical areas; the history situation is displayed together with the handling schemes, which improves the efficiency with which the system administrator handles problems by providing handling schemes for similar problems and giving reasonable suggestions; system situation analysis generates situation analysis reports for fixed time periods, analyzing the situation index system data, the changes in the system situation, the alarms and early warnings, and the handling of threats, to give an in-depth analysis of the system's operation;
B, Building the services provided by the system;
1) Data acquisition and transmission service: serves data acquisition and transmission for the Ming Great Wall field monitoring equipment, collecting multidimensional data and transmitting it in integrated form, which improves the capacity to collect system data and guarantees reliability and timeliness in data transmission;
2) Data processing and storage service: for the massive, high-dimensional, heterogeneous data of the Ming Great Wall situation awareness system, provides data preprocessing and classified storage functions and establishes an efficient data storage system, improving the availability and validity of the data and guaranteeing data integrity and authenticity;
3) System situation assessment and situation prediction service: analyzes the Ming Great Wall situation awareness data, quantifies the system situation using the established situation assessment index system, and assesses the system situation from multiple dimensions and angles to reveal the real security risks and improve the system's ability to respond to risk; it also predicts major security risks;
4) System threat identification and early-warning service: identifies and gives early warning of the threats the system currently faces and the risks it will face, safeguarding the safe operation of the system;
5) System operation situation graphical display and situation analysis service: the overall situation of the system needs to be displayed so that the system administrator has a comprehensive grasp of its operation; the system's risk assessment status and running status are shown graphically and intuitively, giving administrators effective guidance for identifying threats and handling risks;
6) Intelligent handling-scheme recommendation service: based on the system risk assessment results, recommended handling schemes are generated automatically using artificial intelligence methods, and new data are continuously added to the training of the recommendation model, so that accurate and efficient handling schemes are recommended.
The Ming Great Wall body monitoring data include the monitoring data of the soil humidity sensors and salinity sensors deployed on the Ming Great Wall ruins and the operating data of the precipitation sensors; the gateway operation monitoring data include the gateway's packet loss and operation information; the transmission network monitoring data include packet loss and communication status monitoring data for the transmission networks (mobile network, BeiDou satellite network, wired network); the system threat, vulnerability and asset data include the data produced by security software such as traditional intrusion detection systems and vulnerability scanning systems monitoring the system servers; the system function monitoring data are the quantified results of the automated test scripts.
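An added example, not taken from the patent: a Python sketch of the bottom-up weighted-sum quantification of the three-level index system and of the three early-warning grades described above. The min-max form of g, the raw metric names, the assignment of level-3 indices to level-2 indices, and every weight, range and threshold are constructed assumptions, since the patent only says that experts supply weights and thresholds.

```python
"""Bottom-up situation index quantification and early-warning grading."""

# Every weight, value range and threshold here is a constructed sample value;
# the patent leaves them to expert judgement.


def normalize(value, lo, hi):
    """g(A_j(t)): min-max scaling clipped to [0, 1] (the form of g is assumed)."""
    if hi <= lo:
        raise ValueError("range upper bound must exceed lower bound")
    return min(1.0, max(0.0, (value - lo) / (hi - lo)))


def evaluate(node, raw):
    """Quantify one node of the index tree from the raw metrics A_j(t).

    A leaf is {"metric": name, "range": (lo, hi)}.
    An inner node is {"children": {name: (weight, subnode), ...}} and scores
    as the weighted sum of its children, which is how each index level is
    derived from the level below it.
    """
    if "metric" in node:
        if node["metric"] not in raw:
            raise KeyError(f"no sample for metric {node['metric']!r}")
        return normalize(raw[node["metric"]], *node["range"])
    children = node["children"]
    total_weight = sum(weight for weight, _ in children.values())
    if abs(total_weight - 1.0) > 1e-9:
        raise ValueError(f"child weights sum to {total_weight}, expected 1")
    return sum(weight * evaluate(sub, raw) for weight, sub in children.values())


def leaf(metric, lo, hi):
    """Build a leaf node bound to one raw metric and its expected range."""
    return {"metric": metric, "range": (lo, hi)}


# Level 1: operation situation -> level 2: basic operation index -> level 3:
# equipment, data transmission and system function operation indices.
OPERATION = {"children": {"basic_operation": (1.0, {"children": {
    "equipment": (0.4, {"children": {
        "fault_rate": (0.6, leaf("fault_rate", 0.0, 0.5)),
        "low_battery": (0.4, leaf("low_battery_ratio", 0.0, 1.0)),
    }}),
    "transmission": (0.3, leaf("packet_loss", 0.0, 0.2)),
    "function": (0.3, leaf("test_failure_ratio", 0.0, 1.0)),
}})}}

# Level 1: network security situation -> level 2: threat and vulnerability
# indices. Which level-3 index feeds which level-2 index is assumed here.
SECURITY = {"children": {
    "threat": (0.5, {"children": {
        "network_security": (1.0, leaf("attacks_per_day", 0, 200)),
    }}),
    "vulnerability": (0.5, {"children": {
        "service_equipment": (1.0, leaf("high_risk_vulns", 0, 20)),
    }}),
}}


def early_warning(operation, security, threshold=0.5, max_threshold=0.8):
    """Grade a situation pair as ordinary / intermediate / advanced.

    Both values above the threshold but not both above the maximum threshold
    is treated as intermediate; the patent does not spell that case out.
    """
    if operation > max_threshold and security > max_threshold:
        return "advanced"
    if operation > threshold or security > threshold:
        return "intermediate"
    return "ordinary"


# Constructed one-period samples of raw metrics.
CALM = {"fault_rate": 0.1, "low_battery_ratio": 0.25, "packet_loss": 0.15,
        "test_failure_ratio": 0.2, "attacks_per_day": 50, "high_risk_vulns": 4}
DEGRADED = dict(CALM, fault_rate=0.5, packet_loss=0.2)

if __name__ == "__main__":
    for name, raw in (("calm", CALM), ("degraded", DEGRADED)):
        op, sec = evaluate(OPERATION, raw), evaluate(SECURITY, raw)
        print(f"{name}: operation={op:.3f} security={sec:.3f} "
              f"warning={early_warning(op, sec)}")
```

Scores here are risk scores, so a higher value is worse; a weight set that does not sum to 1 or a missing metric raises an error instead of silently producing a low score.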

Claims (9)

1. A security situation awareness system for the Ming Great Wall intelligent perception system, characterized in that it comprises a system operation data acquisition and processing subsystem, a system situation assessment subsystem, a system threat assessment alarm and early-warning subsystem, and a system operation situation display and analysis subsystem;
The system operation data acquisition and processing subsystem consists of a field monitoring device data acquisition unit, a field monitoring device image data acquisition unit, a network security data acquisition unit, a network operation data acquisition unit, a data transmission unit, a data classification processing unit and a data preprocessing unit;
The system situation assessment subsystem includes a system operation situation awareness unit, a system network security situation awareness unit, a system comprehensive situation awareness unit and a system situation prediction unit;
The system threat assessment alarm and early-warning subsystem includes a system alarm unit and an early-warning unit;
The system operation situation display and analysis subsystem includes a history situation display unit, a real-time situation display unit, a predicted situation display unit, an automatic situation analysis unit and an intelligent scheme recommendation unit.
2. The security situation awareness system for the Ming Great Wall intelligent perception system according to claim 1, characterized in that the data acquisition unit consists of the field monitoring device data acquisition unit and the field monitoring device image data acquisition unit; field monitoring device data acquisition uses a microprocessor to integrate sensor data, combining the data of the multiple system operation monitoring sensors connected to the same microprocessor; for important equipment in key monitoring areas, real-time images of the equipment are captured as video images, and the operating status data of the monitored equipment are collected using image processing techniques; the data transmission unit, in view of the complex field conditions, guarantees data transmission using mobile communication and BeiDou satellite transmission, which back each other up and increase the reliability and timeliness of the data transmitted by the field perception system; the data classification processing unit provides data classification and storage functions, classifying the data sent to the data center, according to its characteristics, into operation situation data and security situation data.
3. The security situation awareness system for the Ming Great Wall intelligent perception system according to claim 1, characterized in that the system operation situation awareness unit addresses problems that affect the basic operation of the system: for a selected time period it extracts the operation situation data, quantitatively assesses the system's operation situation according to the situation assessment index system, and identifies security risks arising during operation that affect normal running; the system network security situation awareness unit: as a key element on the Internet, the system faces a large number of network security threats, so this unit collects the security situation data of the network in which the system resides and forms an intuitive, global display of the network security threat risks the system faces; the system comprehensive situation awareness unit forms an overall comprehensive risk assessment result covering the network security threats, equipment failures and other problems that affect the normal operation of the system.
4. The security situation awareness system for the Ming Great Wall intelligent perception system according to claim 1, characterized in that the alarm unit grades the security threats the system faces according to the assessment results that the system situation assessment subsystem produces for the risks facing the system, dividing them into six levels: operation danger, operation high-risk, security danger, security high-risk, comprehensive danger and comprehensive high-risk; the early-warning unit divides the system's early-warning level according to the assessment results of the situation prediction model into ordinary (the system situation does not exceed the threshold), intermediate (one of the system operation situation and the security situation exceeds the threshold) and advanced (the system operation situation and security situation assessment results both exceed the set maximum threshold); according to the alarm level of the alarm unit and the early-warning unit, the system administrator is notified by voice call, SMS, WeChat push or system message.
5. The security situation awareness system for the Ming Great Wall intelligent perception system according to claim 1, characterized in that the history situation display unit graphically displays the system's historical situation together with the handling schemes the system used against the corresponding security threats; the predicted situation display unit shows the administrator the early-warning assessment results for security threats the system may encounter, and recommends handling schemes through the intelligent scheme recommendation unit; the automatic situation analysis unit analyzes the system's security status by producing situation reports for the past week and the past month, generating textual descriptions of the system situation assessment information, situation early-warning information, alarm information and handling status; the intelligent scheme recommendation unit works as follows: when the system operation risk exceeds the safe-operation threshold, it recommends an intelligent handling scheme according to system operation situation features such as the operation situation, comprehensive situation, weather and battery level; when the system security risk is relatively high, it recommends an intelligent handling scheme according to the security situation, the comprehensive situation and the data features of the system's security devices; the recommendation model is built by pre-training a deep learning model on intelligent schemes and situation features generated in advance by experts; the training data are then continuously extended with the administrators' handling schemes and their features and the recommendation model is retrained repeatedly, which improves the accuracy of the recommended schemes and the ability to keep the system running under complex field conditions.
6. The security situation awareness system for the Ming Great Wall intelligent perception system according to claim 1, characterized in that statistical charts are used to display the system operating data, including sensor battery level, transmission path packet loss rate, fault rate and system function test success rate, and the network security data, including the number of vulnerabilities, the proportion of vulnerabilities at each severity level, the number of attacks received and the proportion of each attack type; a tree diagram shows the real-time changes in the data of the situation assessment index system; a line chart shows the change in the comprehensive situation, with a pie chart at each node showing the system operation situation and the system security situation and with different colours showing the alarm level of the situation, so that the system administrator can see changes in the system's situation clearly and intuitively; the running status of the physical equipment, which matters most to system security, is shown in real time using a physical topology diagram of the machine operation and transmission paths in the five typical areas; the history situation is displayed together with the handling schemes, which improves the efficiency with which the system administrator handles problems by providing handling schemes for similar problems and giving reasonable suggestions; system situation analysis generates situation analysis reports for fixed time periods, analyzing the situation index system data, the changes in the system situation, the alarms and early warnings, and the handling of threats, to give an in-depth analysis of the system's operation.
7. The security situation awareness system for the Ming Great Wall intelligent perception system according to claim 1, characterized in that the situation display uses a multi-view display method, in which a pie chart shows the comprehensive situation, different colours in the pie chart show the influence of the operation situation and the security situation on the comprehensive situation, and a physical topology diagram shows the real-time status of data transmission from the five typical areas back to the data center and the running status of the gateways and sensors.
8. A security situation awareness method for the Ming Great Wall intelligent perception system, including building the system function modules and building the services the system provides, characterized by comprising the following steps:
A. Building the system function modules:
1) Acquiring system situation data: the data of the different sensors in the system is collected, transmitted back to the data center via the Beidou satellite communication system and mobile communication signals, and then classified and stored; this comprises three steps: sensor data collection, data transmission, and classification and storage at the data center; a system operation data collection and processing subsystem is set up, whose core functions shall include a data acquisition function, a data transmission function, and a data processing function;
1. Data acquisition function: collects the monitoring data of the Great Wall body sensors in the five typical regions of the Ming Great Wall intelligent perception system, the monitoring data of sensor and gateway operation, the transmission network monitoring data, the threat, vulnerability and asset data, and the system function monitoring data; the data of each typical region is integrated in that region's microprocessor and forwarded through the gateway;
The method of collecting the system function monitoring data comprises the following steps:
a. Test script recording:
The system's automated testing software records test scripts for the system functions; the execution time and number of runs of each script are set in the software, and the software is set to start automatically at boot, to ensure that the tests are executed;
b. Test execution:
The major functions of each page in the system's four major business modules are tested three times a day, and the basic functions are tested once a day; the test results are stored in the test database; the fields of the test database include: test module name, test module importance, test time, test result;
c. Test result quantification:
Weights are assigned to each of the four major functions of the Ming Great Wall situation awareness system; the pages within each function are then divided into display functions and system business functions, which are generally assigned weights of 0.4 and 0.6 respectively; finally, from the result of each system function test (1 returned on success, 0 on failure), the daily and monthly test results are calculated: daily test quantized result = weight of the four major functions × page function category × test result × number of tests; weekly test quantized result = sum of the daily test quantized results in the week / 7; the final test result quantity W(t) is given by the following formula:
$$W(t) = \frac{w_1 \times w_2 \times \sum_{i=1}^{n} v_i}{\mathrm{time}}$$
In the formula, $W(t)$ is the functional test result over the selected time period; $t$ is the chosen time granularity, which can be day, week, or month; $w_1$ is the weight of the system's main business function; $w_2$ is the page function category; $v_i$ is the result of the $i$-th test; and time is the length of the selected period in days, so for one week (seven days) time equals 7;
2. Data transmission function: to ensure reliable data transmission under harsh field conditions, the gateway sends the Great Wall body monitoring data (including the monitoring data of the soil temperature and humidity sensors and salinity sensors deployed on the Ming Great Wall ruins, and the operation data of the precipitation sensors) back to the data center via mobile communication and the Beidou satellite communication system; the monitoring data of gateway operation includes: packet loss during gateway transmission and operation information; the system threat, vulnerability and asset data includes the monitoring data of security software on the system servers, such as a traditional intrusion detection system and a vulnerability scanning system; the system function monitoring data, that is, the quantified results of the automated test scripts, is transmitted back to the data center over the wired Internet;
3. Data processing function: the collected raw situation data is statistically analyzed, and duplicate, erroneous and empty items are removed, to form operation situation data and security situation data in unified formats; the operation situation data format includes: acquisition time, data length, data source device code, data content, and the data is stored in the operation situation database; the security situation data format includes: acquisition time, data length, security data source category, data source device code, data content, and the data is stored in the security situation database;
4. The collected situation data is classified and stored in the databases of the data center: the Great Wall body sensor monitoring data, the sensor and gateway operation monitoring data, the transmission network monitoring data, and the system function monitoring data are classified as operation situation data; the system threat, vulnerability and asset data is classified as security situation data; each class is stored in the corresponding database;
2) Acquiring system situation knowledge: real-time risk assessment and situation prediction are computed from the situation data in the data center, comprising two steps, risk assessment and situation prediction; a system situation assessment subsystem is set up which, according to the operating characteristics of the Ming Great Wall situation awareness system, forms a three-level platform; the first-level indexes include: operation security situation, network security situation; the second-level indexes include: system basic operation index, system threat index, system vulnerability index; the third-level indexes include: infrastructure equipment operation safety index, data transmission operation safety index, system function operation safety index; service equipment operation safety index, network security operation safety index; the operation situation assessment uses the data of the infrastructure equipment operation safety index, the data transmission operation safety index and the system function operation safety index as the input of its assessment model; the security situation assessment uses the service equipment operation safety index and the network security operation safety index as the input of the intelligent model; quantifying level by level from the bottom up forms the overall situation assessment result of the system; the index quantification formulas are defined as follows. Level-3 situation index quantification formula:
Level-2 situation index quantification formula:
Level-1 situation index quantification formula:
In the formulas, $E_{3i}(t)$ is the quantified value of a third-level situation index at a given time, where $A_j$ is the value of index $j$ at time $t$, $g(A_j(t))$ is the normalized value of $A_j$ at time $t$, and $w_{3j}$ is the weight of index $j$, provided according to expert experience; the second-level index $E_{2i}(t)$ is obtained as the weighted sum of the third-level indexes, where $w_{2j}$ is the weight of the corresponding second-level index; the first-level index $E_{1i}(t)$ is obtained in the same way as the weighted sum of the second-level indexes; the final quantification yields the situation assessment result of the system;
For the selected period, the operation situation assessment function computes the operation situation assessment result from the collected operation situation data according to the operation situation assessment index system, reflecting how the system ran over that period; similarly, the system security situation awareness unit computes the security situation assessment result from the collected operation situation data according to the security situation assessment index system; the comprehensive situation assessment feeds the results of the operation situation assessment indexes and the security situation assessment indexes into a pre-built intelligent assessment model to obtain the comprehensive situation assessment result; system situation prediction predicts the situation of the following week from the operation situation, security situation and comprehensive situation of the previous three weeks;
3) Multi-view visualization of the system situation, and threat identification and handling: the analysis and assessment results of the previous step are shown in several different forms of view, alerts are raised on the situation assessment results and early warnings on the situation prediction results, and intelligent handling scheme recommendation is provided; this includes multi-view visualization of the system situation, threat identification and alerting, and intelligent recommendation of handling schemes; a system threat alert and early-warning subsystem is set up, whose core functions shall include: threat alerting, threat early warning; a real-time alerting mechanism is set up on the current-period situation value computed by the system situation assessment subsystem; using thresholds set by experts, the system risk situation assessed in real time is graded into six levels: operation danger, operation high-risk, security danger, security high-risk, comprehensive danger, and comprehensive high-risk, where operation danger, operation high-risk, security danger, and security high-risk indicate respectively that a security threat to system operation has been detected and that system network security is threatened; the next week's situation value computed by the system situation assessment subsystem is graded for early warning, using thresholds set according to expert experience, into normal operation (the system situation does not exceed the threshold), intermediate risk (one of the system operation situation and the security situation exceeds the threshold), and high risk (the system operation situation and security situation assessment results both exceed the set maximum thresholds), providing guidance and help for the system administrator's maintenance; according to the grade of the early warning or alert, security threats to system operation are reported promptly, and the administrator is notified of the system threat situation promptly via system messages, SMS messages, voice calls, and WeChat push messages;
4) A running situation display and analysis subsystem is set up, whose core functions shall include the following: statistical charts are used to display system operation data, including sensor battery level, transmission path packet loss rate, fault rate, and system functional test success rate, and network security data, including the number of vulnerabilities, the proportion of vulnerabilities at each level, the number of attacks received, and the proportion of each type of attack; a tree diagram shows the real-time changes in the data of the situation assessment system; a line chart shows changes in the comprehensive situation, and within each node a pie chart shows the system operation situation and the system security situation, with different colors showing the warning grade of the situation, so that the system administrator can perceive changes in the system situation clearly and intuitively; for the operation of physical equipment, which matters most to system security, a physical topology diagram shows in real time the machine operation and transmission path status of the five typical regions; the historical situation display is combined with the display of handling schemes, which improves the efficiency with which the system administrator handles problems by providing the handling schemes of similar problems and giving reasonable suggestions; system situation analysis generates a situation analysis report for a fixed time period, analyzes the situation index system data, the changes in system situation, and the alerts and early warnings, and analyzes in depth the operation of the system and the handling of threats;
B. Building the services the system provides:
1) Data acquisition and transmission service: provides data acquisition and transmission for the field monitoring equipment of the Ming Great Wall, covering multidimensional data collection and integrated data transmission, improving the ability to collect system data and ensuring reliability and real-time delivery in data transmission;
2) Data processing and storage service: for the massive, high-dimensional, heterogeneous data of the Ming Great Wall situation awareness system, provides data preprocessing and classified storage, and establishes an efficient data storage system, improving the availability and validity of the data and ensuring data integrity and authenticity;
3) System situation assessment and situation prediction service: analyzes the Ming Great Wall situation awareness data, quantifies the system situation using the established situation assessment index system, assesses the system situation from multiple dimensions and angles, reveals the real security risks, and improves the system's ability to respond to risk; and predicts major security risks;
4) System threat identification and warning service: identifies and gives early warning of the threats the system currently faces and the risks it will face, safeguarding the safe operation of the system;
5) System operation situation graphical display and situation analysis service: displays the overall situation of the system so that the system administrator has a comprehensive grasp of its operation, and presents the system's risk assessment and operating status graphically and intuitively, providing effective guidance for administrators in identifying threats and handling risks;
6) Intelligent handling scheme recommendation service: for the results of system risk assessment, automatically generates recommended handling schemes using artificial intelligence methods, and continually adds new data to the training of the recommendation model, forming accurate and efficient handling scheme recommendations.
9. The security situation awareness method for the Ming Great Wall intelligent perception system according to claim 1, characterized in that the Ming Great Wall body monitoring data includes the monitoring data of the soil humidity sensors and salinity sensors deployed on the Ming Great Wall ruins and the operation data of the precipitation sensors; the monitoring data of gateway operation includes: the gateway's packet loss and operation information; the transmission network monitoring data includes the packet loss and communication status monitoring data of the transmission networks (mobile network, Beidou satellite network, wired network); the system threat, vulnerability and asset data includes the monitoring data of security software on the system servers, such as a traditional intrusion detection system and a vulnerability scanning system; the system function monitoring data is the data obtained after the automated test script results are quantified.
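The functional-test quantification W(t), the bottom-up index quantification and the early-warning grading described in claim 8 can be traced end to end in the following added Python example, which is not part of the patent. The page does not reproduce the three index formulas or define g, so the example assumes each index is a weighted sum over its children, min-max normalization with 1.0 as the worst case, and one threshold per situation; all weights, ranges, thresholds, metric values and the grouping of third-level indexes under second-level ones are constructed.

```python
from math import isclose


def function_test_score(w1, w2, results, days):
    """W(t) = w1 * w2 * sum(v_i) / time, each v_i being 1 (pass) or 0 (fail)."""
    if days <= 0:
        raise ValueError("time must be a positive number of days")
    if any(v not in (0, 1) for v in results):
        raise ValueError("each test result must be 0 or 1")
    return w1 * w2 * sum(results) / days


def normalize(value, low, high, higher_is_worse=True):
    """g(A_j(t)) as clamped min-max scaling (assumption); 1.0 is the worst case."""
    if high <= low:
        raise ValueError("high must be greater than low")
    x = min(1.0, max(0.0, (value - low) / (high - low)))
    return x if higher_is_worse else 1.0 - x


def leaf(value):
    """A normalized raw metric at the bottom of the index tree."""
    return {"value": value}


def node(name, *weighted_children):
    """An index whose children are given as (weight, child) pairs."""
    return {"name": name, "children": list(weighted_children)}


def evaluate(n):
    """Quantify bottom-up: a leaf is a normalized metric, a node a weighted sum."""
    if "value" in n:
        return n["value"]
    if not isclose(sum(w for w, _ in n["children"]), 1.0):
        raise ValueError(f"weights under {n['name']!r} must sum to 1")
    return sum(w * evaluate(child) for w, child in n["children"])


def early_warning(operation, security, op_threshold, sec_threshold):
    """Grade predicted values: neither, one, or both situations over threshold."""
    exceeded = int(operation > op_threshold) + int(security > sec_threshold)
    return ("normal operation", "intermediate risk", "high risk")[exceeded]


def build_sample_trees():
    """Constructed data and weights; the level-3 to level-2 grouping is assumed."""
    # One month of a display function tested once a day: 27 of 30 runs passed.
    w_t = function_test_score(0.25, 0.4, [1] * 27 + [0] * 3, days=30)
    w_max = 0.25 * 0.4  # W(t) when every run passes
    operation = node(
        "operation situation (level 1)",
        (1.0, node(
            "system basic operation (level 2)",
            (0.3, node("infrastructure equipment operation (level 3)",
                       (1.0, leaf(normalize(40, 0, 100, higher_is_worse=False))))),  # battery %
            (0.3, node("data transmission operation (level 3)",
                       (0.5, leaf(normalize(0.05, 0.0, 0.2))),     # packet loss rate
                       (0.5, leaf(normalize(0.02, 0.0, 0.08))))),  # fault rate
            (0.4, node("system function operation (level 3)",
                       (1.0, leaf(normalize(w_t, 0.0, w_max, higher_is_worse=False))))),
        )),
    )
    security = node(
        "network security situation (level 1)",
        (0.6, node("system threat (level 2)",
                   (1.0, node("network security operation (level 3)",
                              (1.0, leaf(normalize(30, 0, 100))))))),  # attacks received
        (0.4, node("system vulnerability (level 2)",
                   (1.0, node("service equipment operation (level 3)",
                              (1.0, leaf(normalize(8, 0, 40))))))),    # vulnerabilities found
    )
    return operation, security


if __name__ == "__main__":
    op_tree, sec_tree = build_sample_trees()
    op, sec = evaluate(op_tree), evaluate(sec_tree)
    print(f"operation={op:.3f} security={sec:.3f}")
    print(early_warning(op, sec, op_threshold=0.25, sec_threshold=0.5))
```

Because every weight group must sum to 1 and every leaf is clamped to [0, 1], each level stays on the same scale, which is what lets a single threshold per situation be compared against the level-1 value.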
CN201710464725.XA 2017-06-19 2017-06-19 A kind of Security Situation Awareness Systems and method towards bright Great Wall intelligent perception system Pending CN107332698A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710464725.XA CN107332698A (en) 2017-06-19 2017-06-19 A kind of Security Situation Awareness Systems and method towards bright Great Wall intelligent perception system

Publications (1)

Publication Number Publication Date
CN107332698A true CN107332698A (en) 2017-11-07

Family

ID=60195448

Country Status (1)

Country Link
CN (1) CN107332698A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171107