Automated Security Operation System Based on Anomaly Traffic Detection and Scenario Orchestration
Li Wei (李玮) 1, Li Mingyang (李铭阳) 1
Author information
- 1. China Mobile Group Shaanxi Co., Ltd., Xi'an, Shaanxi 710061, China
Abstract
Traditional security monitoring systems are not only inefficient but also generate large numbers of false alarms. When security personnel process this volume of alerts by hand, genuinely harmful events are easily overlooked. To address this, a SOAR (security orchestration, automation and response) system based on anomaly traffic detection is proposed, improving the efficiency of business operations and of security management staff and making security operations more refined and automated. At the same time, for unknown threats, full-traffic analysis with artificial intelligence models provides the ability to rapidly discover, trace, and dispose of such threats, breaking through the technical bottleneck of traditional methods in unknown threat analysis.
Keywords
anomaly traffic analysis / convolutional neural network (CNN) / security scenario orchestration
Funding
Shaanxi Province Key R&D Program Project (2023-YBGY-227)
Shaanxi Province Natural Science Basic Research Program Project (2023-JC-QN-0705)
Xi'an Science and Technology Plan Project (2022JH-RYFW-0138)
Beilin District Science and Technology Plan Project (GX2216)
Publication year
2024