Network Security Management Platform Based On Information Correlation

Posted on: 2007-07-08
Degree: Master
Type: Thesis
Country: China
Candidate: R B Qiu
GTID: 2178360182973217
Subject: Computer application technology
Abstract/Summary:
With the development of network security protection technology, more and more security products have been applied to network protection. These diverse security devices generate so much security information that security management becomes extremely difficult. In this thesis, a framework for a security management platform based on information correlation is designed to collect security information, correlate security information, respond to security events and manage various kinds of network devices. The main work of this thesis is summarized as follows:

(1) Propose a correlation model based on preparation, recognition and response of information correlation, and establish a framework for a security management platform consisting of a collection agent, a correlation engine and a control platform to carry out information collection, event correlation, information display and device linkage.

(2) Design an information collection agent that formats information and reduces its volume through information standardization and merging.

(3) Design a real-time correlator that uses pattern correlation, vulnerability correlation and statistical correlation to reduce the volume of security information, reduce false positives and evaluate real-time network risk.

(4) Design an off-line correlator that can construct attack scenarios and reveal the relationships among IDS alerts.

(5) Design a graphical console to display correlation information, and implement device linkage based on the SNMP protocol.

The security correlation framework based on security information correlation in this thesis can be used as a reference for developing domestic security management platform technologies.
Keywords/Search Tags: network security management platform, real-time correlation, off-line correlation