
Research and Implementation of Stream Cube Construction Techniques for OLAP Analysis of Network Security Incidents

【Author】 Wang Yibing (王亦兵)

【Advisor】 Yang Shuqiang (杨树强)

【Author information】 National University of Defense Technology, Computer Science and Technology, 2010, Master's

【Abstract】 The Internet is a key national information infrastructure. Real-time monitoring of Internet network security status is key to keeping the Internet running in an orderly way, and monitoring and analyzing that status is the precondition for controlling it in real time. On-Line Analytical Processing (OLAP) is an important data analysis technique that can be used to analyze the state of Internet network security. Efficient OLAP analysis needs the support of a data cube, but the massive volume and continuous generation of network security data make it ill-suited to data cube construction, which limits the application of OLAP to monitoring the state of Internet network security. This thesis proposes a data cube construction method based on a Data Stream Management System (DSMS): the DSMS pre-computes the Internet network security monitoring data, and the data cube is updated incrementally and maintained in real time. The main contributions of this thesis are as follows:

1. Based on an in-depth analysis of the data stream characteristics of network security monitoring data, data stream processing techniques, and OLAP techniques, it proposes a method for constructing a Time-Sliced Stream Cube (TSS-Cube) and analyzes the method's effectiveness.
2. To address the problem that joining large dimension tables is very time-consuming during cube construction, it proposes an improved table join technique and optimizes the data stream processing model; experiments verify the method's effectiveness.
3. It proposes the concept of a hybrid database mode (based on a DSMS and a DBMS) that lets decision makers register large-window queries. It designs an incremental maintenance algorithm for the data stream cube according to the characteristics of the hybrid database, and experiments verify the algorithm's effectiveness.
4. To meet the needs of network security monitoring, and based on the techniques above, it designs and implements YH-STREAM, the data cube construction subsystem of a network security analysis system. The subsystem supports construction of time-sliced data stream cubes over massive data streams and provides storage and queries based on the hybrid database. The subsystem has been deployed and is running.
