大数据时代网络安全技术的演进

信息安全研究 ›› 2019, Vol. 5 ›› Issue (5): 406-413.

大数据时代网络安全技术的演进

刘国伟¹,张艺²,朱岩³

1. 北京市经济和信息化局
2. 北京科技大学计算机与通信工程学院
3. 北京科技大学

收稿日期:2019-05-06 出版日期:2019-05-15 发布日期:2019-05-06
通讯作者: 刘国伟
作者简介:刘国伟硕士，主要研究方向为网络安全. liugw@bjeit.gov.cn 张艺硕士研究生，主要研究方向为信息安全、密码学. wangjing@xs.ustb.edu.cn 朱岩教授，中国密码学会安全协议专委会委员，中国电子学会区块链专委会副主任，北京市通信保障和信息安全应急专家，已发表学术论文100余篇，已申请和授权国内和国际专利20余项.主要研究方向为密码学、大数据安全、区块链技术. zhuyan@ustb.edu.cn

Evolution Research of Network Security Technology in Big Data Era

Received:2019-05-06 Online:2019-05-15 Published:2019-05-06

摘要/Abstract

摘要： 摘要随着大数据时代的到来，信息系统表现出了一些新的特征，包括系统边界模糊化、虚拟化、数据类型非结构和泛化、功能和数据耦合程度低等，这些特征不仅导致大数据技术(data technology, DT)与信息技术(information technology, IT)有较大不同，也推进了网络安全技术的升级换代和演进.针对这些变化，对信息时代和大数据时代的特点进行了对比，提出了以私密性、完整性、追溯性、可控性为4原则的大数据安全基本属性，以及基于 “传播预测、审计溯源、动态管控”的主动、动态防御策略.在此基础上，对DT所面临的安全挑战和安全保障策略进行了讨论，将大数据安全技术按“淘汰、延续、改进、新创”分为4级，并按照访问控制、标识与鉴别、数据加密、数据隐私、入侵防范、安全审计与灾备6类分别进行了分析、梳理和探讨，这些结果将对DT时代安全技术发展、大数据平台构建和安全保障策略制定与技术选择提供支持.

关键词: 大数据时代, 安全保障策略, 安全基本属性, 安全技术分级, 安全分类

Abstract: With the advent of the era of big data, information systems have exhibited some new features, including boundary obfuscation, system virtualization, unstructure and diversification, and the low coupling degree of function and data. These features not only lead to a big difference between big data technology (DT) and information technology (IT), but also promote the upgrading and evolution of network security technology. In response to these changes, in this paper we compare the characteristics between IT era and DT era, and then propose four DT security principles: privacy, integrity, traceability, and controllability, as well as active and dynamic defense strategy based on “propagation prediction, tracking audit, dynamic management and control”. We further discusses the security challenges faced by DT and the corresponding assurance strategies. On this basis, the big data security technologies can be divided into four levels: “elimination, continuation, improvement, and innovation”, and we provide analyzation, combination and explaination for these technologies according to six categories: access control, identification and authentication, data encryption, data privacy, intrusion prevention, security audit and disaster recovery. These results will offer important assistance for the evolution of security technologies in the DT era, the construction of big data platform, the designation of security assurance strategies, and technology suitable for big data.

Key words: big data era, security assurance strategy, security attribute, security technology grading, security category

刘国伟张艺朱岩. 大数据时代网络安全技术的演进[J]. 信息安全研究, 2019, 5(5): 406-413.

参考文献

[1] Tankard C. Big data security[J]. Network security, 2012, 2012(7): 5-8 [2] 郭三强, 郭燕锦. 大数据环境下的数据安全研究[J]. 科技广场, 2013 (2): 28-31 [3] Salleh K A, Janczewski L. Technological, organizational and environmental security and privacy issues of big data: A literature review[J]. Procedia Computer Science, 2016, 100: 19-28 [4] Hota C, Upadhyaya S, Al-Karaki J N. Advances in secure knowledge management in the big data era[J]. Information Systems Frontiers, 2015, 17(5): 983-986 [5] Demchenko Y, Laat C D, Wibisono A, et al. Addressing Big Data challenges for Scientific Data Infrastructure[C]// Proc of IEEE Int Conf on Cloud Computing Technology & Science.Piscataway,NJ:IEEE, 2013 [6] Chen Y, Chen H, Gorkhali A, et al. Big data analytics and big data science: a survey[J]. Journal of Management Analytics, 2016, 3(1): 1-42 [7] Klievink B, Romijn B J, Cunningham S, et al. Big data in the public sector: Uncertainties and readiness[J]. Information Systems Frontiers, 2017, 19(2): 267-283 [8] Chen C L P, Zhang C Y. Data-intensive applications, challenges, techniques and technologies: A survey on big data[J]. Information Sciences, 2014, 275: 314-347 [9] 何全胜, 姚国祥. 网络安全需求分析及安全策略研究[J]. 计算机工程, 2000, 26(6): 56-58 [10] Cuzzocrea A . Privacy and security of big data: Current challenges and future research perspectives[C]// New York:ACM, 2014 [11] Lu R, Zhu H, Liu X, et al. Toward efficient and privacy-preserving computing in big data era[J]. IEEE Network, 2014, 28(4): 46-50 [12] Suthaharan S. Big data classification: Problems and challenges in network intrusion prediction with machine learning[J]. ACM SIGMETRICS Performance Evaluation Review, 2014, 41(4): 70-73 [13] Valdez-Juárez L E, García-Pérez de Lema D, Maldonado-Guzmán G. Management of knowledge, innovation and performance in SMEs[J]. Interdisciplinary Journal of Information, Knowledge, and Management, 2016, 11: 141-176 [14] Klievink B , Neuroni A , Fraefel M , et al. Digital Strategies in Action: A comparative analysis of national data infrastructure development[C]// Proc of the 18th Annual Intl Conf. New York:ACM, 2017 [15] 汪东芳, 鞠杰. 大数据时代计算机网络信息安全及防护策略研究[J]. 无线互联科技, 2015 (24): 40-41 [16] 郑晨阳. 面向大数据的网络安全策略研究[J]. 数字图书馆论坛, 2014 (2): 7-10 [17] Philip J. An application of the dynamic knowledge creation model in big data[J]. Technology in Society, 2018:S0160791X17302622 [18] Grolinger K. Challenges for MapReduce in Big Data[C]// Services. 2014 [19] Nawsher K , Ibrar Y , Targio H I A , et al. Big data: Survey, technologies, opportunities, and challenges[J]. The Scientific World Journal, 2014, 2014:1-18 [20] Demchenko Y, Ngo C, de Laat C, et al. Big security for big data: Addressing security challenges for the big data infrastructure[C]//Proc of Workshop on Secure Data Management. Cham:Springer, 2013: 76-94