Research And Implementation Of The Security Event Management System Based On STAT Technology

Posted on: 2008-01-01
Degree: Master
Type: Thesis
Country: China
Candidate: X H Zuo
Full Text: PDF
GTID: 2178360212991258
Subject: Computer system architecture

Abstract/Summary:
With the development of network and information technology, more and more kinds of security threats have appeared that cannot be resolved by a single security technology. Solving the information security problem requires an integrated security architecture that includes firewall, anti-virus, VPN, IDS, port scan engine and so on. But according to an authoritative survey organization's investigation, the security threat is still serious under the integrated security architecture. This has made people realize the importance of Information Security Management. The emphasis of information security has therefore moved from a product-centered period to a management-centered period, and the Information Management System (IMS) has emerged. Generally, the IMS should include at least these subsystems: event management, policy management, asset management, identity management and emergency response.

As the core of the IMS, the Event Management System (EMS) plays an important role: it implements event collection, event analysis, severity assessment and event aggregation. It can be a subsystem of the IMS, and it can also be a standalone system.

In this article, an EMS is designed and the Security Event Management System (SEMS) is implemented based on STAT technology. It supports different kinds of events from different products and uses different kinds of event correlation methods, including asset correlation, clustering correlation and sequence correlation.

The SEMS requirement analysis is based on the content and objects of information security and on the problems in information security. The main work done in this paper is listed below.

1) Find the critical technologies in SEMS and give related solutions. In this process, an event model is defined for the SEMS that can support many kinds of events from many different products.
2) Define an event correlation model that can adopt many event correlation methods. Combined, these correlation methods can reduce the negative and positive alarms and identify complicated attacks.
3) Design and implement the SEMS based on STAT technology, and describe in detail the overall structure and every module.
4) Give an actual example of the SEMS in use to show the feasibility and validity of the system.

Keywords/Search Tags: Information Security Management, Security Event Management, STAT technology, event model, event correlation