楊志瓊，牟 舵

　　(水利部珠江水利委員會珠江水利綜合技術中心，廣東 廣州 510611)

　　摘要：為進一步提升珠江委網絡安全防護水平，打造全天候主動防御的網絡安全防護體系，梳理當前珠江委網絡安全防護的短板，從自動告警、攻擊行為重塑、脆弱性分析等方面分析態勢感知平臺功能需求，依托數據融合、事件關聯、態勢預測等態勢感知關鍵技術，設計一種符合珠江委網絡安全防護需求的態勢感知平臺。平臺架構設計為數據采集、存儲分析、核心業務和BI展示4個層次，主要實現資產管理、風險感知、預警管理和安全態勢信息專題展示等功能。基于網絡安全態勢感知平臺，珠江委基本形成事先梳理、風險感知、安全監測、事件分析、事件處置的主動防御體系，安全監測和主動防御能力明顯提升，重要信息系統防護均未失陷，取得較好的應用效果。

　　關鍵詞：網絡安全;態勢感知;平臺;關鍵技術;主動防御;珠江委

　　Design and application of network security situation awareness platform in Pearl River Water Resources Commission

　　YANG Zhiqiong，MU Duo

　　(Pearl River Water Conservancy Comprehensive Technology Center, Pearl River Water Resources Commission,Ministry of Water Resources,Guangzhou 510611,China)

　　Abstract：In order to further improve the network security protection level, build an all-weather active defense network security protection system, and sort out shortcomings of the current network security protection of the Pearl River Water Resources Commission(PRWRC), a situational awareness platform, which can meet the network security protection requirements of the PRWRC,is designed by relying on key situational awareness technologies such as data fusion, event association and situation prediction. The functional requirements of the awareness platform are analyzed from aspects of automatic alarm, remolding of attack behavior, vulnerability analysis and so on.The platform architecture is designed as four levels of data collection, storage analysis, core business and BI display, mainly realizing the functions of asset management, risk perception, early warning management and security situation information thematic display. Based on the network security situational awareness platform, an active defense system of pre-sorting, risk perception, safety monitoring, incident analysis and event disposal in PRWRC has been formed basically. The safety monitoring and active defense capabilities are significantly improved, and the protection of important information systems is not compromised, which achieves good application effects.

　　Key words：network security;situational awareness; platform;key technology;active defense;PRWRC