【作者】 薛倡新；

【导师】 苏金树；

【作者基本信息】 国防科学技术大学 ， 计算机科学与技术， 2006， 硕士

【摘要】 网络安全是网络时代研究的热点问题之一。而对安全数据进行有效分析是安全领域和安全解决方案的核心和基础。本文针对骨干网络安全事件数量非常大的特点,提出基于分页思想对数据进行整合并提取各种数据特征模式、从而对网络安全状况的现状作出正常与否的判断,并对其发展趋势作出预测。考虑到数据分析处理需求的不确定性和复杂性,本文设计提出基于LAMP架构的安全数据处理系统atanasis,以web服务的方式对外提供数据分析查询功能。本文采用理论研究与工程实践相结合的研究方法,主要工作有:(1)在综合分析常见安全问题的基础上,对当前主要安全解决方案进行了深入对比研究,总结出安全解决方案的核心问题是数据处理;(2)研究了利用数据分页技术整合海量安全数据的相关问题;在分页数据的基础上,提取各个分页印章(统计分布特征)以加快数据分析查询;然后研究了对数据分页的整合技术、以提高对跨页查询处理的支持;之后还分析提取了若干数据特征模式。(3)研究分析了采用分布式数据集群服务器架构以有效平衡数据查询负载、提高平均查询响应时间的问题,并且对数据查询任务在集群服务器之间的调度算法进行了重点研究,提出了Double-Robin调度算法;最后还研究了任务完整性控制协议。(4)研究实现了基于LAMP机制的原型系统,该原型系统对数据的录入、数据维护都作了相应处理;最后对原型系统进行了若干测试,并给出了结论。本文的原型系统在某部的网络中得到了应用,通过对某部网络出口安全事件数据的分析得到了良好的效果。应用结果表明文中所做工作较好解决了兼容异构数据和高效数据查询等问题,所设计的系统框架具有良好的可扩展性和通用性,为公网安全与预警项目奠定了扎实的应用基础。更多还原

【Abstract】 As the development of the network technology, security issue becomes one of the most important problems in the field. And the effective data manipulation lays the basics of all the security settlements.In order to process large a mount of security data filtered from the network, the method of data paging is used. Also, data integrate and pattern process is conducted based on it. With data paging, the data analysis to gather network situation and security trend can be well achieved.But the requirements of data analysis is not so obviously decided, the system named atanasis with LAMP structure is adopted. The system provides its data analysis function as web service.The paper is conducted in the process of the coding work, as follows:1. After deeply comparing the several different network security settlements, it gets to the major problem of data processing;2. The paging idea is thoroughly introduced with its according details. It also focuses on the page stamp evaluation and page integration.3. It introduced the multi-server framework to keep the data query load in balance. And with the task dispatching algorithm analysis, it also gets to the more adaptive Double-Robin dispatching algorithm as well as the task integration control protocol.4. The prototype with LAMP kernel structure is created. And with this framework, both the data loading and data management are optimized. Also, there are test in the end.The system has met it application in the real network environment. With the analysis of the security data from the network outcome, it shows a good effectiveness and performs well in data compatibility and fast data query, as well as the sound usability. And most important of all, it lays the extensible basics for the project of "Common Network Security and Alarming".更多还原