杨志琼，牟 舵

　　(水利部珠江水利委员会珠江水利综合技术中心，广东 广州 510611)

　　摘要：为进一步提升珠江委网络安全防护水平，打造全天候主动防御的网络安全防护体系，梳理当前珠江委网络安全防护的短板，从自动告警、攻击行为重塑、脆弱性分析等方面分析态势感知平台功能需求，依托数据融合、事件关联、态势预测等态势感知关键技术，设计一种符合珠江委网络安全防护需求的态势感知平台。平台架构设计为数据采集、存储分析、核心业务和BI展示4个层次，主要实现资产管理、风险感知、预警管理和安全态势信息专题展示等功能。基于网络安全态势感知平台，珠江委基本形成事先梳理、风险感知、安全监测、事件分析、事件处置的主动防御体系，安全监测和主动防御能力明显提升，重要信息系统防护均未失陷，取得较好的应用效果。

　　关键词：网络安全;态势感知;平台;关键技术;主动防御;珠江委

　　Design and application of network security situation awareness platform in Pearl River Water Resources Commission

　　YANG Zhiqiong，MU Duo

　　(Pearl River Water Conservancy Comprehensive Technology Center, Pearl River Water Resources Commission,Ministry of Water Resources,Guangzhou 510611,China)

　　Abstract：In order to further improve the network security protection level, build an all-weather active defense network security protection system, and sort out shortcomings of the current network security protection of the Pearl River Water Resources Commission(PRWRC), a situational awareness platform, which can meet the network security protection requirements of the PRWRC,is designed by relying on key situational awareness technologies such as data fusion, event association and situation prediction. The functional requirements of the awareness platform are analyzed from aspects of automatic alarm, remolding of attack behavior, vulnerability analysis and so on.The platform architecture is designed as four levels of data collection, storage analysis, core business and BI display, mainly realizing the functions of asset management, risk perception, early warning management and security situation information thematic display. Based on the network security situational awareness platform, an active defense system of pre-sorting, risk perception, safety monitoring, incident analysis and event disposal in PRWRC has been formed basically. The safety monitoring and active defense capabilities are significantly improved, and the protection of important information systems is not compromised, which achieves good application effects.

　　Key words：network security;situational awareness; platform;key technology;active defense;PRWRC