
Research and Implementation of Data Cube Techniques for OLAP Analysis of Network Security

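【Author】 Yang Qingmin (杨庆民)

【Supervisor】 Han Weihong (韩伟红)

【Author information】 National University of Defense Technology, Computer Science and Technology, 2008, Master's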

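【Summary】 The Internet is becoming a critical national information infrastructure, bearing on the fundamental interests of the state and of society as a whole. With the rapid development of Internet technology, malicious attacks against networked information systems are becoming increasingly distributed, large-scale, complex and indirect. New techniques are therefore urgently needed to perceive, monitor and analyze the security situation of large-scale networked information systems accurately and in real time. The starting point of our research is how to obtain and understand the current network security state from complex, massive monitoring data and to discover latent trends, so as to grasp the macro-level security situation of a large-scale network. Online analytical processing (OLAP) is an important means of performing near-real-time integrated analysis of large-scale network monitoring data. By providing fast, stable, consistent and interactive access to the many possible views of information, OLAP allows managers and decision makers to examine data in depth and offers great analytical flexibility. Efficient computation of the data cube is the key to supporting OLAP analysis. Only by precomputing all or part of the data cube can query response time be greatly reduced and OLAP performance be delivered. The core problem of this thesis is how to find scalable methods for computing a partial data cube under limits on storage capacity and computing power, striking a delicate trade-off between the time and space cost of the data cube and query response performance. Given the real-time requirements of network security situation awareness, monitoring and analysis, this thesis studies online analytical processing over data streams. The time and space constraints on computing a data cube over a data stream are even more stringent, and partial materialization methods for stream cubes under limited time and space are the focus of this work. The main work of this thesis is summarized as follows:
1. The basic concepts and model definitions of the data cube are introduced, implementation schemes for the data cube are discussed, and the various data cube computation algorithms are summarized and analyzed in depth.
2. The characteristics of online analytical processing over data streams are analyzed and the design requirements of the stream cube are summarized. A multi-level tilted window model is proposed, which effectively compresses the size of the stream cube along the time dimension under limited time and space.
3. A new partial materialization method for stream cubes is proposed: StreamDwarf, a multi-dimensional stream cube framework based on the Dwarf structure. The corresponding computation algorithms, including an incremental update algorithm and a query algorithm, are given and implemented, and experimental test results are presented.
4. A network security situation analysis system based on the StarOLAP platform is developed, achieving multi-dimensional, multi-level, near-real-time integrated analysis of massive network security monitoring data.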

【Abstract】 The Internet has become a key information infrastructure of our country. With the rapid development of Internet technology, malicious attacks against network information systems tend to be distributed, complicated, indirect and large-scale. New technology is therefore urgently required to accurately perceive, monitor and analyze the security situation of large-scale network systems in real time. Finding methods to acquire and interpret the current security state of the network and to reveal the underlying changes, so as to grasp the general security situation, is where our study begins. OnLine Analytical Processing (OLAP) is an important technology for integrated analysis of massive and complicated network monitoring data. Through rapid, consistent and interactive access to information from various possible viewpoints, OLAP allows analysts to observe data in depth, providing great flexibility. Efficient computation of the data cube is the key to supporting OLAP analysis. To obtain OLAP capability, we have to precompute the whole data cube, or at least part of it, in order to reduce query response time. The core problem of our study is to find scalable techniques for computing a partial data cube under constraints of storage space and computation power, balancing the data cube's computation and storage cost against query response time. Since the acquisition, monitoring and analysis of the network security situation often has to be done in real time, we proceed to study OnLine Analytical Processing on rapidly changing streams. With streams, data cube computation faces stricter limits on computation time and storage space. Studying partial materialization techniques for stream cubes under these constraints is the emphasis of our work.
We summarize our work as follows. First, the basic concepts of the data cube are introduced, followed by a discussion of its implementation schemes. Second, the characteristics of OnLine Analytical Processing on data streams and the design requirements of the stream cube are analyzed. Then a hierarchical tilted window model, which decreases the size of the stream cube to adapt to the computation and storage constraints, is proposed. Third, a new method for partial materialization of the stream cube, a Dwarf-based stream cube framework called StreamDwarf, is proposed. The corresponding computation algorithms, including an incremental update algorithm and a query algorithm, are developed. The algorithms are then implemented and test results are presented. Finally, a prototype for network security situation analysis is developed, which is based on the StarOLAP platform and is capable of multi-dimensional, multi-level and integrated analysis of massive network monitoring data in real time.
