
Research And Implementation Of Information Security Monitoring And Analysis System

Posted on: 2012-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: J Guo
Full Text: PDF
GTID: 2178330335953841
Subject: Computer system architecture

Abstract/Summary:
As network technology develops at great speed, the network security situation grows more serious and security problems receive more and more attention. Enterprise networks deploy many security devices, such as firewalls, anti-virus, IDS, authentication and security audit systems, to protect the network. Because these different security devices generate a great number of events and evaluate the network in different ways, the overall security state of the network is still not ideal. One outstanding problem is the lack of a sound analysis and coordination method for handling the security events produced by heterogeneous security devices; the existing network technologies and management methods for analysing massive volumes of historical data are simplistic.

To solve these problems, an information security monitoring and analysis system was constructed to monitor and manage the whole network centrally. The thesis designs the system architecture and the application architecture, and studies the system's acquisition layer in detail. It proposes a security event log collection scheme and a real-time traffic data collection scheme, based on agent-based SYSLOG collection and hardware probe technology. Adopting the idea of message-oriented middleware (MOM), it designs the data transmission model and the schemes for sending and receiving data, so that the acquisition layer provides accurate and reliable data to the system's analysis layer. On the basis of this research, the thesis performs real-time network security assessment using the analytic hierarchy process (AHP), and studies particle swarm optimization (PSO) and least squares support vector machines (LS-SVM) for predicting the network security situation and its trend. Based on PSO+LS-SVM, the structure and functions of a security situation prediction model are designed and implemented and deployed as the prediction module of the system in a real environment. Experimental results show that it has considerable application value.
Keywords/Search Tags: security events, acquisition layer, situation forecast, AHP, PSO, LS-SVM