
Research And Implementation Of Key Technologies In Network Security Event Management

Posted on: 2012-11-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Liu
GTID: 2178330335959850
Subject: Signal and Information Processing
Abstract/Summary:
With the globalization of information, information and network technology has been changing our political, economic, and cultural life; at the same time, it has threatened information security. This paper takes the analysis of security events as its starting point, then introduces the concept of network security event management and describes the key technologies of security event management in detail. It proposes a distributed network security event management system based on a host sliding window, which collects, preprocesses, and correlates security events and achieves unified, efficient management by converting low-level events into higher-level ones. The paper's main work covers the following aspects.

Firstly, through research on the architecture of security event management systems, and taking the actual network environment into account, it proposes a tree-structured distributed network management architecture. The architecture not only solves the problem of overwhelmed central servers in the traditional centralized management structure, but also contributes to the optimal allocation of resources, improving the performance of security event management.

Secondly, it proposes a security event management model based on a host time window. The model extracts the general information of the various kinds of security events for further processing. It then changes the way events are handled by moving event processing from the database into memory, which greatly improves the efficiency of event management. In addition, the paper gives specific methods for applying the host time window in event management.

Lastly, based on the research above, the paper designs and implements a distributed network security event management system based on the host time window, and describes the implementation principles and techniques of each module.
Keywords/Search Tags: security event management, event correlation, distributed systems, host time window