Research on the Key Technology of Data Collection in Uniform Network Security Management System (UNSMS)

【Author】 Peng Qi (彭琪)

【Advisor】 Xiao Debao (肖德宝)

【Author information】 Central China Normal University, Computer Application Technology, 2008, Master's

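【Abstract】 With the rapid development of network technology and the steady deepening of informatization, computer networks have become an important support for the efficient operation of enterprises. Improved working efficiency, enhanced corporate reputation and new sources of profit all depend on a stable, efficient and secure network environment. At the same time, network attack techniques are becoming more advanced and more widespread; enterprise network systems face the danger of attack at any moment and frequently suffer intrusion and damage of varying degrees, which seriously disrupts the normal operation of enterprise networks. The increasingly severe security threat forces enterprises to strengthen the protection of their network systems and to keep pursuing a multi-layered, three-dimensional security defense system, gradually introducing a large number of heterogeneous single-point security defense technologies such as anti-virus, firewalls, IDS and vulnerability scanning. However, existing network security defense systems still rely mainly on isolated single-point defenses that lack effective cooperation with one another, so network security has to face new challenges. Because the security devices in a network are numerous and each has its own control and management system, network security administrators need to understand the management methods of different systems, which makes the work extremely complex. In addition, as networks grow in scale, the number of security alert events grows too; administrators are worn out handling numerous, complex security events and so fail to discover deeper security problems, and the security problems remain. On the basis of an introduction to and analysis of current unified network security management systems, this thesis studies a solution in the form of a data collection model, presents its design principles and architecture, studies its key technologies in detail, and summarizes a method for the integrated collection of multi-source data, laying the foundation for data analysis in the upper layers of the unified network security management system. Finally, the thesis sets out future research directions for data collection technology in unified network security management systems.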

【Abstract】 With the rapid development of network technology and the steady deepening of informatization, the computer network has become an important support for efficient enterprise operation. A stable, efficient and secure network environment helps improve working efficiency, enhance enterprise credibility and expand sources of profit. At the same time, network attacks have become more advanced and more widespread, so enterprise networks face the danger of attack at any time and often suffer intrusion and damage of varying degrees, which seriously interferes with the normal operation of corporate networks. The increasingly serious security threat forces enterprises to strengthen network defense and to pursue a multi-level, three-dimensional security defense system. Enterprises have therefore gradually introduced a large number of heterogeneous security devices, such as anti-virus, firewalls, Intrusion Detection Systems (IDS) and vulnerability scanners. However, the existing network defense system consists mainly of isolated components that lack effective collaboration, which poses new challenges to network security. There are many security devices in the network, and each has a platform of its own. Administrators need to know how to use every platform, which is very complex work. Furthermore, the number of alerts grows rapidly as the size of the network increases, and there are many false positives and some false negatives. Administrators are too busy dealing with the many false positives to find the true alerts, so the security problem persists. This thesis researches in depth the key technologies of network security management systems, summarizes one approach to data acquisition, and introduces its principle and architecture. The key technology is studied further and a comprehensive multi-source data collection method is summarized. These serve as the foundation for data analysis in the unified network security management platform. Finally, the thesis describes future work on data collection technology.

  • 【Classification No.】TP393.08
  • 【Citations】4
  • 【Downloads】221