
Research And Implement Of Enterprise Security Management Mechanism Based On Log Mining

Posted on: 2005-11-23
Degree: Master
Type: Thesis
Country: China
Candidate: S H Yu
Full Text: PDF
GTID: 2168360152467706
Subject: Computer Science and Technology
Abstract/Summary:
A complex network is composed of many security cells, and those cells generate vast volumes of logs. Finding the potential compromises and attacks hidden in these logs is not easy. In addition, the cells cannot be united to defend against attacks, so their efficiency is very low. To improve the network's security capability there must be a security management center that controls all the security cells. This thesis therefore presents a new architecture for an Enterprise Security Management Center (ESMC) based on log mining; it is distributed, supports multiple protocols, and is extensible, reusable and migratable. To avoid the complexity and low efficiency of analyzing logs and generating the checking model by hand, we use data mining technology to automate the process, which greatly improves the efficiency of identifying actionable patterns and constructing correlation rules; the approach suits both misuse detection and anomaly detection. Following the JMX specification, we implement ESMC to coordinate all the security cells. ESMC is composed of a resource interface, JMXAgents, managers, a Web server and a client browser. It can have multiple managers, each of which can manage multiple subnets, and multiple JMXAgents can reside in each subnet. The log resource interface collects, normalizes and aggregates the massive and heterogeneous log information and generates consolidated events. A JMXAgent analyzes these events against the checking sub-model and emits notifications, which are listened to by a manager. The manager matches these notifications against the checking model to find potential compromises and attacks in the system, cooperates with multiple JMXAgents, and makes the various security cells take real-time actions together to respond to the attacks. So far, ESMC has seldom been discussed in China, and it is significant for enterprise network security management.
Keywords/Search Tags: log, data mining, JMX specification, event correlation, security coordination
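The abstract describes a three-stage pipeline: a log resource interface that normalizes and aggregates raw logs from different security cells into consolidated events, a per-subnet agent that applies a local checking sub-model and emits notifications, and a manager that correlates notifications across agents and drives a coordinated response. The following Python sketch is an added example written for this page; it is not code from the thesis or its ESMC implementation (which is JMX/Java-based). The two log formats, the sample lines, the rule names and the thresholds are all constructed for illustration and are not drawn from the thesis.

```python
"""Toy log-mining pipeline: normalize -> aggregate -> agent check -> manager correlate.

Added illustration only; formats, sample lines, rules and thresholds are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample lines from two different "security cells": a firewall (fw1)
# and a host's SSH daemon (host1). Both line formats are invented for this example.
RAW_LOGS = [
    "2005-11-23 10:00:01 fw1 DENY src=10.0.0.5 dst=192.168.1.10 dport=22",
    "2005-11-23 10:00:02 fw1 DENY src=10.0.0.5 dst=192.168.1.10 dport=22",
    "Nov 23 10:00:05 host1 sshd[123]: Failed password for root from 10.0.0.5 port 4001",
    "Nov 23 10:00:06 host1 sshd[123]: Failed password for root from 10.0.0.5 port 4002",
    "Nov 23 10:00:07 host1 sshd[123]: Failed password for root from 10.0.0.5 port 4003",
    "Nov 23 10:00:09 host1 sshd[124]: Accepted password for root from 10.0.0.5 port 4004",
    "Nov 23 10:01:00 host1 sshd[125]: Accepted password for alice from 10.0.0.9 port 5000",
]


@dataclass
class Event:
    """A normalized event: the common schema every cell's logs are mapped onto."""
    ts: datetime
    cell: str      # which security cell produced it
    kind: str      # normalized event type (fw_deny, login_fail, ...)
    src: str       # source address
    dst: str       # destination host or address
    user: str = ""
    count: int = 1  # how many raw records were merged into this event


@dataclass
class Notification:
    """What an agent emits to the manager after applying its checking sub-model."""
    ts: datetime
    rule: str
    src: str
    dst: str
    detail: str


FW_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<cell>\S+) "
                   r"(?P<action>DENY|ALLOW) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=\d+$")
SSH_RE = re.compile(r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<cell>\S+) sshd\[\d+\]: "
                    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+$")


def normalize(lines, year=2005):
    """Log resource interface, step 1: map heterogeneous lines onto the Event schema."""
    events = []
    for line in lines:
        m = FW_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            kind = "fw_deny" if m["action"] == "DENY" else "fw_allow"
            events.append(Event(ts, m["cell"], kind, m["src"], m["dst"]))
            continue
        m = SSH_RE.match(line)
        if m:
            # syslog-style timestamps carry no year; assume the one supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            kind = "login_fail" if m["result"] == "Failed" else "login_success"
            events.append(Event(ts, m["cell"], kind, m["src"], m["cell"], m["user"]))
            continue
        # Unknown format: keep it visible as an event rather than silently dropping it
        events.append(Event(datetime.min, "unknown", "unparsed", "", "", line))
    return sorted(events, key=lambda e: e.ts)


def aggregate(events, window_s=10):
    """Log resource interface, step 2: merge repeats of the same event within a window."""
    merged, last = [], {}
    for e in events:
        key = (e.cell, e.kind, e.src, e.dst, e.user)
        i = last.get(key)
        if i is not None and (e.ts - merged[i].ts).total_seconds() <= window_s:
            merged[i].count += 1
        else:
            merged.append(Event(**vars(e)))
            last[key] = len(merged) - 1
    return merged


def agent_check(events, fail_threshold=3, probe_threshold=2):
    """Agent's checking sub-model: local rules over one subnet's consolidated events."""
    notes = []
    for e in events:
        if e.kind == "login_fail" and e.count >= fail_threshold:
            notes.append(Notification(e.ts, "brute_force", e.src, e.dst, f"{e.count} failures for {e.user}"))
        elif e.kind == "login_success":
            notes.append(Notification(e.ts, "login_success", e.src, e.dst, f"user {e.user}"))
        elif e.kind == "fw_deny" and e.count >= probe_threshold:
            notes.append(Notification(e.ts, "port_probe", e.src, e.dst, f"{e.count} denies"))
    return notes


def manager_correlate(notifications, window_s=60):
    """Manager's checking model: correlate notifications across agents and plan a response."""
    alerts, pending = [], defaultdict(list)
    for n in sorted(notifications, key=lambda n: n.ts):
        if n.rule == "brute_force":
            pending[n.src].append(n)
        elif n.rule == "login_success":
            hits = [p for p in pending[n.src] if 0 <= (n.ts - p.ts).total_seconds() <= window_s]
            if hits:  # success shortly after a brute-force burst from the same source
                alerts.append({"rule": "brute_force_then_success", "src": n.src, "dst": n.dst, "ts": n.ts,
                               "actions": [f"firewall: block {n.src}",
                                           f"host {n.dst}: terminate sessions from {n.src}"]})
    return alerts


def run_pipeline(lines):
    """End-to-end: raw lines in, coordinated-response alerts out."""
    return manager_correlate(agent_check(aggregate(normalize(lines))))


if __name__ == "__main__":
    for alert in run_pipeline(RAW_LOGS):
        print(alert)
```

The agent's rules fire on a single cell's events, while the manager's rule only fires on a combination the agent cannot see on its own: a burst of failures followed by a success from the same source. That split is the point of the architecture, and it is also where the thresholds and windows deserve the most tuning, since too tight a window misses slow attempts and too loose a one floods the manager with notifications. Unparsed lines are kept as `unparsed` events so that a new log format shows up as a visible gap rather than a silent blind spot.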