[目的]随着当前网络空间与物理空间和社会空间逐步融合的趋势,重要行业部门在网络安全保护工作中积累了大量的网络安全数据,数据和业务驱动的网络安全挂图作战对掌握资产底数、改善数据治理成效、提升网络安全保护效能具有非常明显的作用,可全方位支撑网络安全保护和保障工作.[方法]本文以重要行业开展网络安全挂图作战能力建设为驱动,提出了包含要素抽取层、图谱设计层和智能认知层在内的整体技术架构,包括针对威胁情报信息的实体/关系抽取技术、针对网络资产的自动测绘技术、网络行为监测与建模技术、智能挖掘推理技术以及可视化表达技术等关键技术方法,并在电力行业某部门进行了实践应用.[结果]该技术框架可用于构建面向网络安全保护业务的网络空间地理图谱,支撑全方位、跨空间的网络安全监测发现、态势感知、事件处置和应急响应实战.[结论]基于网络安全地理图谱的挂图作战应用具有很好的应用价值和推广前景,能够直观展示跨空间的数据、要素和业务关系,但仍需要探索业务实战领域的新方法和新模型,以提升网络安全挂图的实战效能.
[Objective]In the current trend of gradual integration of cyberspace,physical space,and so-cial space,important industry departments have accumulated a large amount of network secu-rity data in network security protection.Cyberspace security map warfare driven by Data and Business plays a very significant role in grasping the base number of assets,improving the ef-fectiveness of data governance,and enhancing the effectiveness of network security protec-tion,and can support network security protection and security work in an omni-directional way.[Methods]Driven by the construction of cyberspace security map warfare capability in important industries,this paper proposes an overall technical framework including an element extraction layer,a map design layer,and an intelligent cognitive layer,including entity/relationship extraction technology for threat intelligence information,automatic mapping technology for network assets,network behavior monitoring and modeling technology,intelligent mining and reasoning technology,visual expression technology and other key technical methods.It has been applied at a certain department of the electric power industry.[Results]The techni-cal framework can be used to build a cyberspace geographic map for network security protection services,and support an omni-directional,cross-space network security monitoring and discovery,situation awareness,event handling,and emergency response.[Conclusions]The application of the cyberspace security map based on the network security geographic map has good application value and promotion prospects,and can intuitively display cross-space data,elements,and business relationships.However,it is still necessary to explore new methods and models in the field of business practice to improve the actual combat effectiveness of the cyberspace security map.