Research And Implementation Of Statistics And Analysis Of Network Security Event Streams

Posted on: 2011-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: D Liu
GTID: 2178330338990037
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of Internet technology, network attacks such as trojans, malicious code, worms and DDoS attacks have grown much larger in scale and more varied in method, and the losses they cause are more serious as well. The network security situation therefore needs to be monitored promptly and accurately. Only by statistically analyzing the network security events that have occurred and predicting the network security trend can we keep control of the overall situation of the whole network and guide the Internet toward healthy development.

The network security events, which come from many network security devices, are modeled as continuous, transient data streams rather than as persistent relations, and this makes timely processing of the data streams a challenge. After summarizing in detail a series of techniques and problems in data stream management systems, this paper studies and discusses several key techniques, including the sliding window model, aggregation of network security event data streams, and historical synopsis data structures. The major work of this paper is summarized as follows:

1. After studying in depth the features of the sliding window and the basic window, we analyze the timely incremental aggregation of data streams in particular and design the algorithm for it.

2. The ideas of time granularity and hierarchy are introduced into the window model according to the needs of the application, and an approach to a multi-granularity, hierarchical window model is put forward. Based on the hierarchical sliding window model, the MMHA-Tree (Multi-granularity and Multi-level Historical Aggregate Tree) data structure is then designed to store historical statistical information and to process queries over the historical statistics effectively at limited space and time expense.

3. Because joining a data stream with a very large DBMS table is very time-consuming, a new technique is proposed to improve the table join, and its validity is tested by experiments.

4. Building on the above research, these techniques are implemented in the YH-SAS system, a system for analyzing and forecasting the network security situation, and their effectiveness has been verified.
Keywords/Search Tags: Network Security Event Data Streams, Aggregate Query, Multi-hierarchical Window Model, MMHA-Tree, Aggregation Statistics, Synopsis Structure