
Network Security Log Management And System Optimization Configuration Based On XML

Posted on: 2005-08-09
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Feng
GTID: 2168360152955198
Subject: Pattern Recognition and Intelligent Systems

Abstract/Summary:
As a new standard for data interchange on the Internet, XML (eXtensible Markup Language) has a good storage format, good extensibility, good structure, and is convenient for network transmission, among other characteristics, and it is attracting growing attention. More importantly, XML enables information exchange between different platforms and systems, so it is highly universal.

As people attach more and more importance to network security, different vendors have eagerly developed different platforms and kinds of network security products. But network security is a large system architecture; no single product can currently meet the needs of whole-network security, so products of all kinds must be deployed in combination. This makes it very difficult for network information to be exchanged, and especially for the log information of the various network security products to be analysed together. XML meets this demand well.

Here we design a network security log management center that comprehensively analyses log information from different network security systems and extracts useful information by filtering and querying large volumes of log data. This gives a comprehensive, holistic view of the whole network's information, on the basis of which the network can be purposefully reconfigured, achieving cooperative defence and strengthened defence of the whole network.

The network security log management center is made up of a transform module, a statistics analysis module, and a policy reconfiguration module.

After obtaining the log information of the network security products, which is in database formats, the transform module converts it to XML according to a defined format. The transform module first connects to and retrieves the log sources using ADO (Active Data Objects), covering both remote and local database connections. After the log sources are obtained, the DTD format for the network security products is defined; this involves the relevant XML technologies, knowledge of semi-structured network data, and log information described by XOEM (extensible Object Exchange Model). We discuss in detail the general log formats of firewalls, intrusion detection systems and network monitoring systems, and convert log information into XML documents by mapping between the established DTD and the database.

Using the relevant statistical algorithms, the statistics analysis module analyses and processes the XML-format log information and produces comprehensive analysis results. Because the objects of statistical analysis are XML documents, they are first parsed with the XML application programming interfaces DOM (Document Object Model) and SAX (Simple API for XML), and then queried and aggregated with the XML query language XQuery. Both simple and complex statistical analyses are used to obtain more comprehensive and accurate results, and we also explore techniques for extracting fuzzy rules.

Based on the analysis results, the policy reconfiguration module evaluates the operating state of the whole network, establishes an optimized policy, and distributes the new policy to realize policy reconfiguration, drawing on the particular strengths of each network security product. The policy reconfiguration module is designed with reference to the IETF/DMTF policy framework model and is divided into policy acquisition, policy optimization, policy compilation, and policy distribution.

We present a concrete implementation, including connection to data sources, definition of the DTD format, transformation of database records to XML, statistical analysis, and access intensity based on fuzzy rules. At present, however, policy reconfiguration can be realized only by manual reconfiguration work.
Keywords/Search Tags:XML, network security log management center, policy reconfiguration, cooperative defence