| With the continuous development of Internet technology,applications on the Internet increases ceaselessly,and the number of network security incident also shows the trend of augment,which leads to the expansion of serious influence and loss.The response of related security incident is an essential part of network security architecture.This thesis studied and designed an Incident Response Information System based on the requirement of a Security Management Platform.Case-Based Reasoning(CBR) technology is now widely use in artificial intelligence,statistics,machine learning and databases etc crosscutting areas.In the paper,we will study and explore the way to apply CBR technology in an Incident Response information System.The traditional way to create predefined action plan(PAP) is summarized by experienced operator from the historic handling process.The personal limitation will give big impaction on the created PAP.While after we adopt CBR technology,the PAP is created automatically from the historic data.In this system,we will demonstrate a way to generate predefined action plan from the detailed responding action steps executed in emergency response procedure,so the predefined action plan is also a list of action steps,it can be executed directly.We will design a CBR based incident response information system in this paper ,and give the specific designed interfaces.In succession,this paper also design a kind of similarity algorithm based on two-layer structure according to attribute features of emergency cases,to avoid the defect of traditional nearest neighbor algorithm.Finally,an example of the algorithm is verified. |
PDF Full Text Request