
The Application Of Object-Oriented XML In The Network Security Event Data Processing

Posted on: 2012-06-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Zhang
Full Text: PDF
GTID: 2178330332492338
Subject: Computer application technology
Abstract/Summary:
This project studies how to use Object-Oriented XML on a network security management platform to handle security incident data, in order to make the platform scalable. The network security management platform monitors the whole LAN to provide comprehensive regional network security monitoring, responds to security incidents in a timely manner, handles them, and does its best to protect the whole LAN. The critical point for the platform in achieving global security defense is capturing all kinds of incidents in time and handling them. Security event data comes from different types of security equipment, mainly firewalls, IDS (Intrusion Detection System), illegal external connection monitoring, and anti-virus software. Equipment of the same type may come from different vendors, and network security problems emerge continuously, which leads to the replacement, renewal and upgrading of the original equipment. The question is how to make the platform more extensible and flexible, so that a variety of security equipment can easily be added and the platform can better process the security event data that the equipment captures, achieving a more comprehensive defense.

The object-oriented mechanism has excellent modeling capabilities such as encapsulation, inheritance and polymorphism. Adding object-oriented features to XML gives the XML language a modeling capability as well. Because general DTD parsers do not support the object-oriented mechanism, an extended DTD parser specifically for security incidents must be designed and implemented first. The parser can parse the object-oriented mechanism. When new equipment is added to the platform or a new type of security incident is handled, Object-Oriented XML is used to package the security events that the equipment can capture; the extended DTD parser then parses the inheritance mechanism so that the new event inherits the original system's abstract security incident handling class and obtains that class's methods for processing the event data.

This paper describes in detail the design and implementation of the extended DTD parser, as well as the process of handling security incident data. Test results are given at the end of the paper. Using Object-Oriented XML on the network security management platform to handle security incident data achieves the platform's scalability while greatly reducing the number of changes that must be made to the platform. The improved platform can readily respond to new types of equipment and their security events, and can therefore provide more comprehensive and timely protection for the whole network environment.
Keywords/Search Tags: Object-Oriented XML, Security Incidents Data, DTD Parser