
The Application of Object-Oriented XML in Network Security Event Data Processing

(Original title: 面向对象的XML在网络安全事件数据处理中的应用)

【Author】 张艳丽 (Zhang Yanli)

【Supervisor】 曾凡锋 (Zeng Fanfeng)

【Author information】 北方工业大学 (North China University of Technology), Computer Application Technology, 2011, Master's thesis

【Abstract】 This thesis studies how object-oriented XML can be applied to the processing of network security event data in a network security management platform, so as to make the platform extensible. The platform carries out comprehensive, real-time security monitoring of the managed network region in order to protect the managed network as far as possible. The key to the platform's global security defence is to respond promptly and appropriately to every captured security event. Security events come from different types of security devices, chiefly firewalls, IDS (intrusion detection systems), illegal external connection (unauthorized outbound connection) detectors and anti-virus software. Devices of the same type may come from different vendors; new security problems keep arising in the network, and existing devices are upgraded and replaced. The platform therefore needs better extensibility and flexibility: it must be easy to add different kinds of security devices and to process the events they capture, so that the managed network is defended more comprehensively and promptly. Object-oriented mechanisms such as encapsulation, inheritance and polymorphism provide strong modelling capability; adding object-oriented features to XML gives the XML language that modelling capability as well. Because an ordinary DTD parser does not support object-oriented mechanisms, an extended DTD parser for security events must first be designed and implemented to parse these object-oriented features. When a new security device is added to the platform, or a new type of security event has to be processed, the event data is encapsulated in object-oriented XML; the extended DTD parser resolves the inheritance semantics, so the new event type inherits from an abstract event-handling class already present in the system and thereby obtains the handling method used to process its event data. The thesis describes in detail the design and implementation of the extended DTD parser and the concrete processing of security event data, and closes with test results. Applying object-oriented XML to security event processing makes the platform extensible while greatly reducing the amount of change required to the existing system. The improved platform can accommodate a wide variety of security devices and process the events they capture, providing more comprehensive and timely protection for the whole network environment.
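To make the mechanism described in the abstract concrete, the following is an added example written for this page; it is not code from the thesis or from the platform it describes. The thesis does not publish its extended-DTD syntax, so the `<class name=".." extends=".."/>` declaration block, the attribute names, the handler classes (`SecurityEvent`, `FirewallEvent`, `IDSEvent`) and the sample events are all assumptions of this example. What it shows is the dispatch step the abstract relies on: an event whose class is not known to the system is resolved by walking the declared inheritance chain upward until a handler that the existing system already has is reached, and the two failure modes a practitioner would want covered, an event class with no declared ancestry and a cyclic inheritance declaration.

```python
# Added example (not the thesis's code): a minimal "object-oriented XML" event
# dispatcher in the spirit of the abstract. The <class name=".." extends=".."/>
# declaration block, the attribute names and the handler classes below are
# assumptions of this example, not the thesis's published syntax.
import xml.etree.ElementTree as ET

# Constructed sample input. The first two events belong to classes declared as
# descendants of handler classes the platform already has; the third names a
# class with no declared ancestry (a new device added without inheritance).
SAMPLE_XML = """<events>
  <classes>
    <class name="SecurityEvent"/>
    <class name="FirewallEvent" extends="SecurityEvent"/>
    <class name="VendorXFirewallEvent" extends="FirewallEvent"/>
    <class name="IDSEvent" extends="SecurityEvent"/>
  </classes>
  <event class="VendorXFirewallEvent" src="10.0.0.5" dst="192.168.1.10" action="deny"/>
  <event class="IDSEvent" src="10.0.0.9" signature="SQL injection" severity="high"/>
  <event class="UnknownDevice" src="10.0.0.7"/>
</events>"""


class SecurityEvent:
    """Abstract handler assumed to already exist in the platform."""

    def handle(self, attrs):
        return {"kind": "generic", "src": attrs.get("src")}


class FirewallEvent(SecurityEvent):
    def handle(self, attrs):
        result = super().handle(attrs)
        result.update(kind="firewall", blocked=attrs.get("action") == "deny")
        return result


class IDSEvent(SecurityEvent):
    def handle(self, attrs):
        result = super().handle(attrs)
        result.update(kind="ids", signature=attrs.get("signature"),
                      severity=attrs.get("severity", "unknown"))
        return result


# Handler classes the existing system knows about, keyed by XML class name.
HANDLERS = {cls.__name__: cls for cls in (SecurityEvent, FirewallEvent, IDSEvent)}


def build_inheritance(root):
    """Map each declared XML class name to its declared parent (None for roots)."""
    return {c.get("name"): c.get("extends") for c in root.iter("class")}


def resolve_handler(name, chain, handlers):
    """Walk the declared inheritance chain upward until a class the system
    already has a handler for is found. Returns None when the chain ends
    without reaching one, and raises on a cyclic declaration so that a
    malformed (or malicious) document cannot loop the dispatcher forever."""
    seen = set()
    while name is not None:
        if name in handlers:
            return handlers[name]
        if name in seen:
            raise ValueError("cyclic inheritance declaration at %r" % name)
        seen.add(name)
        name = chain.get(name)
    return None


def process(xml_text):
    """Parse an event document and dispatch each <event> to the nearest
    inherited handler. Device-supplied XML is untrusted input: in a real
    deployment parse it with defusedxml (or an equivalently hardened parser)
    so entity-expansion and external-entity tricks cannot reach the platform.
    That is a deployment assumption of this example, not a claim from the thesis."""
    root = ET.fromstring(xml_text)
    chain = build_inheritance(root)
    results = []
    for ev in root.findall("event"):
        handler = resolve_handler(ev.get("class"), chain, HANDLERS)
        if handler is None:
            results.append({"kind": "unhandled", "class": ev.get("class")})
        else:
            results.append(handler().handle(ev.attrib))
    return results


if __name__ == "__main__":
    for record in process(SAMPLE_XML):
        print(record)
```

Running the block dispatches the vendor-specific firewall event to the generic `FirewallEvent` handler it inherits from, processes the IDS event directly, and reports the undeclared `UnknownDevice` event as unhandled rather than silently dropping it. The cycle check in `resolve_handler` matters because the inheritance declarations arrive in the same device-supplied document as the events; a parser that trusts them without bounding the walk can be stalled by a two-line `A extends B, B extends A` declaration.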
