Research On Design And Implementation Of Log-Oriented Security Situation Sensors

Posted on: 2008-03-18
Degree: Master
Type: Thesis
Country: China
Candidate: L J Zheng
Full Text: PDF
GTID: 2178360215958375
Subject: Computer application technology
Abstract/Summary:

Network security situational awareness (NSSA), which reflects the overall status of network security, has recently become an emerging topic in the network security domain. The choice of data sources directly affects the accuracy of network security situation analysis. As an important data source reflecting the network security situation, logs significantly affect the implementation of NSSA, so making use of log-related data is important. To meet the requirements of an NSSA system, it is necessary to design and implement a security sensor that can collect and analyze log data from multiple sources, process the log information, and provide unified access interfaces to higher layers.

Firstly, the concept of NSSA is introduced, and the importance of logs as a data source for NSSA is highlighted. The log data sources are described and classified, and the features of each kind of log data source are analyzed in detail. Some popular log analysis tools are also introduced, and a typical log-based system is analyzed.

Secondly, the key techniques for the design and implementation of a log-oriented security sensor (LOSS) are discussed, and general solutions are suggested.

Finally, for a specific application environment, the design considerations and implementation framework are proposed, in which the data collection module, the data pre-processor, and the event generation and demonstration module are described in detail, including the functions and sub-modules of each module.
Keywords/Search Tags:network security, situational awareness, sensor, log