| In recent years,with the rapid growing of the network scale, the large-scale network node increasingly large scale and the structure more complex,there are lots of network equipment, safety protection equipment and ASS(Application Service System) deployed on the current network. These devices (system), in fact, produce different event format and also the risk hierarchis standards. Due to the lack of automatic and comprehensive analysis method for mass EI, important security incident cannot quickly be extracted, positioned and integrated, and current network security posture cannot be effectively assessed, also the necessary scientific basis is lack for implementing emergency response, all conditions above-mentioned influence the effect of security and protection.Therefore, we study how to integrate network resources and how to gather analysis of monitoring, analyzing and responding into an organic one. A all-sided, centralized alarm information management and a intelligent, comprehensive incident analysis will bring timely and effective coordinated response or auxiliary decision support, and making overall network defense and improvement of ability of safety and protection comes true by functioning the management system and forming a cohesive force, which above-mentioned not only has the important theoretical significance, but also very important practical value.So, we provide a Hierarchical Risk Assessment Model Based on Large-scale Network(HRAM)and implement prototype of this model, which is based on tight integration of network security manager's demands and current theoretical, practical results we referred and absorbed fully. Firstly, we study deeply the implementation process and the key technologies of network risk assessment; secondly, this paper privates a hierarchical evaluation model for large-scale network. Devided the whole large-scale network into four layers, includes the service layer, the node layer, the local area network layer, and the large-scale network layer. We can get the whole network security status and situation based on assert each layer. Finally, we implement prototype of this model. The system integrates all kinds of event information and log information produced by network equipment, safety protection system, and operating system and application system. The security event information will be identified through pretreatment, and large-scale network security posture will be evaluated through the situation analysis, vulnerability analysis and risk analysis. The system includes the security event management module, asset identification module, threat identification module, vulnerability identification module, risk analysis module and risk prediction module, which will provide auxiliary support to network security management personnel, and improve the efficiency of information security management. |
PDF Full Text Request