Application of network security situational awareness in power information system security

Abstract

Abstract The increasingly complex network environment leads to more and more intense network attacks. Traditional firewall and intrusion detection technology cannot guarantee the network security of power information system, so network space situation awareness becomes the most important in the field of network security. Big data technology can be used to better understand the operation of the network, and different types of data for rapid analysis. Build a security situation awareness system framework that integrates data collection, data processing, data storage, data analysis and data presentation to filter out harmful data and ensure network security. In this paper, the basic concept and system framework of network security situational awareness are briefly introduced. Firstly, Flume and Kafka are used to obtain log or network attack information, and MapReduce and Storm technologies are used for batch or real-time analysis to achieve the perception of network security. Then, the analytic hierarchy process (AHP) is used to determine the index weight, extract the characteristics of the network situation, and complete the evaluation of the network security situation by analyzing and constructing the decision matrix. The system has the characteristics of high availability, scalability and easy deployment, which can better support the perception and prediction of various network security threats.