Journal of Information Security Research (信息安全研究), 2020, Vol. 6, Issue (6): 0-0.

• Special Topic: Detection, Early Warning and Situation Awareness •

Design and Implementation of a Government Network Security Monitoring Platform Based on Heterogeneous Data Fusion

刘蓓,禄凯,程浩,闫桂勋   

  1. Department of Information and Network Security, State Information Center
  • Received: 2020-06-08 Online: 2020-06-05 Published: 2020-06-09
  • Corresponding author: 刘蓓

Research and application of remote mobile office security standard


Abstract: In recent years, driven by the national classified protection of cybersecurity scheme and by critical information infrastructure protection work, the government network security assurance system has been continuously improved. Against organized, highly covert and routine cyber attack threats, it is increasingly important to build an overall operational capability based on continuous monitoring, dynamic defense and coordinated response. Security monitoring is the first line of defense. To build a security monitoring platform that covers the whole network, all domains and all services, the key is to solve the difficult problems of collecting, fusing and analyzing, and presenting multi-source heterogeneous big data, and to improve the ability to perceive, predict and prevent all risk elements. Based on the requirements of government network security monitoring, this paper proposes a “1+1+N” government network security monitoring platform architecture, presents a data bus structure that supports multi-source data collection, integration interfaces and normalization, introduces a data correlation analysis model based on multiple analysis engines together with big data fusion analysis technology, and finally gives a practical case of a government network security monitoring platform.

Key words: security monitoring, situation awareness, government network, heterogeneous data fusion, big data analysis