Research and Implementation of a Multi-source Log Based Network Security Situation System

Research and Implementation of A Multiform Log Based Network Security Situation System

【Author】 刘东旭

【Advisor】 陈越

【Author Information】 解放军信息工程大学 (PLA Information Engineering University), Computer Technology, 2009, Master's degree

【Abstract (translated)】 With the continuous development of network security protection technology, more and more security devices are deployed in networks. Although these devices play a role in certain respects, efficiently analyzing the massive volume of log information produced by these relatively independent devices, and thereby effectively grasping the network security situation, has become a major problem facing security administrators. To address this problem, this thesis studies and designs a multi-source log based network security situation system. The thesis first analyzes the background and significance of network security situation systems, compares the progress of domestic and foreign research on them, and identifies the aspects that need improvement; it summarizes the relevant concepts, research content and mainstream techniques of network security situation awareness, presents the concept, classification, common formats and applications of logs, and points out the importance of logs in network security situation awareness. Second, it establishes a conceptual model of network security situation and, based on that model, designs the system architecture framework, studying the method of network security situation analysis from the perspectives of analysis elements, computation model and analysis process; then, starting from the system requirements and design principles, it studies in turn the system's deployment structure, functional module division, communication protocol design and security design. The main functional modules of the system are designed and implemented, including log collection, log analysis, situation data generation, situation display, security response and system management, and an application example and system test are given to verify the usability and accuracy of the system. Finally, the thesis summarizes the work and innovations of the whole text and points out the shortcomings of the system and the next steps.

【Abstract】 With the development of network security protection technology, more and more security devices have come into use, and each has a certain effect. However, these devices are relatively self-governed. As a result, security staff can hardly analyze all of the logs they produce effectively within a finite time, let alone master the network security situation in depth. A multiform log based network security situation system is designed and implemented to solve this problem. This thesis first analyzes the background and significance of such a system. Based on a comparison of the existing technologies and products, a new method is provided to improve on the traditional one. Second, the thesis discusses the concept and content of network security situation, and several popular network security situation technologies. The classification and formats of logs are also presented, and the importance of logs for network security situation awareness is pointed out. Third, the thesis builds a model of network security situation and then designs the system framework; the method of network security situation analysis is presented. Fourth, starting from the requirements and design principles, the system is designed in depth, including deployment, function framework, communication protocols and self-security. Fifth, every function module is designed and implemented in detail, including log collection, log analysis, network security situation data generation, network security situation display, security response and system maintenance. An application example is given to verify the usability of the system. Finally, the thesis points out its innovations and discusses the flaws of the system and further work.
