Title: Research and Implementation of Key Techniques for Integrating Network Security Monitoring Data

English title (as given by the author): Research and Implementation of Key Techniques for Data Integration of Network Security Detection Data

Author: 陈志坤

Supervisor: 杨树强

Author details: 国防科学技术大学 (National University of Defense Technology), Computer Science and Technology, 2009, Master's thesis

Abstract (translated from the Chinese): The Internet is becoming a nation's critical information infrastructure and bears on the fundamental interests of the state and of society as a whole. With the rapid development of Internet technology, malicious attacks against networked information systems are becoming distributed, large-scale, complex and indirect. There is therefore an urgent need for new techniques that defend proactively against network attacks; network security monitoring, one of the main means of network security protection, has become a current research focus. Building on an in-depth analysis of data extraction and integration techniques and of data stream techniques, this thesis studies the key techniques of data integration in network security monitoring. Its main work is summarised as follows: 1. To address the complexity of the data extraction process in network security monitoring, a data extraction and integration/conversion method based on regular expressions is designed; it can extract network attack data from a variety of security probing tools and supports the dynamic attachment of heterogeneous probes. 2. To address the processing latency that appears when presenting the network security situation, a hybrid join query algorithm between data streams and the database is designed; it preprocesses the data stream so that subsequent queries run faster, giving near-real-time network security situation display. 3. Building on the above, these algorithms are implemented in YH-SOC, a network security situation analysis and prediction system, and the effectiveness of the techniques is verified there.

Abstract (author's English version): The Internet is a national critical information infrastructure and is vital to the fundamental interests of the state and of society as a whole. With the rapid development of Internet technology, malicious attacks on network information systems are trending toward being distributed, large-scale, complex and indirect. There is an urgent need to study new technologies for proactive protection of networks against attack; network security monitoring is a basic technology of network security protection and has become a hotspot of current research. This paper analyses in depth the techniques of data extraction and integration and of data flow, and then researches the key technologies of data integration for network security monitoring data. The major work of this paper is summarised as follows: First, because the data extraction process in network security monitoring is complex, a data extraction and integration method based on regular expressions is designed. It can extract data from a variety of network attack detection tools and complete the format conversion, and it also supports dynamic access to heterogeneous probes. Second, targeting the delays in data processing when showing the network security situation, a hybrid join query algorithm between data flows and the database is designed; it can pre-process data streams to speed up follow-up queries, so that the network security posture is displayed in near real time. Third, based on the above research, the above algorithms are implemented in YH-SOC, a system for analysing and forecasting the network security situation, and the effectiveness of the above techniques is verified.
