Application of big data in the network security situation awareness platform of intelligent power monitoring system
Abstract
INTRODUCTION: The growing complexity of network infrastructures has led to increasingly sophisticated network attacks. Traditional intrusion detection and firewall systems are no longer sufficient to handle these advanced threats. As a result, network situational awareness has emerged as a vital approach to enhance network security, particularly in power information systems. By leveraging big data technologies, network operators can better understand network behavior and perform rapid analyses of diverse data types, enabling effective threat detection and mitigation.
OBJECTIVES: The primary goals of this study are:
- To develop a robust security situational awareness framework for power information systems.
- To integrate tools and methods for efficient data collection, processing, storage, analysis, and visualization.
- To implement scalable and high-performance solutions for detecting and forecasting various network security risks.
METHODS:
- Data Collection: Tools such as Flume and Kafka are used to collect network attack logs and relevant data.
- Data Processing: Frameworks like Apache Spark and Storm are employed for batch and real-time data analysis, ensuring fast and efficient handling of large datasets.
- Feature Extraction: A Deep Gated Recurrent Unit (D-GRU) model is used to determine index weights and extract critical features of the network security situation.
- Scenario Assessment: A decision matrix is constructed and analyzed using Apache Spark to assess the current state of network security.
RESULTS: The proposed framework demonstrated scalability, ease of deployment, and high availability. These characteristics allowed for effective detection and forecasting of various network security threats, providing an advanced understanding of network behavior and enhancing overall security posture.
CONCLUSION: The integration of big data technologies with network situational awareness offers a significant improvement in detecting and preventing sophisticated network attacks. The proposed framework, which leverages tools like Flume, Kafka, Spark, and D-GRU, provides a comprehensive solution for network security, ensuring robust performance and adaptability to dynamic security challenges. This approach is particularly effective for power information systems, enabling proactive threat mitigation and improved network reliability.