
The Integrated Analysis Of Security Events In Security Integrated Management

Posted on: 2008-05-07
Degree: Master
Type: Thesis
Country: China
Candidate: Y Peng
GTID: 2178360242498862
Subject: Software engineering
Abstract/Summary:
In recent years, Security Integrated Management has become a trend in the field of network security. Security devices generate numerous security events. To decrease the false alarms and alarm failures of security events, improve the speed of security emergency response, and reduce potential risk, these security events require centralized management and integrated analysis.

First, this thesis studies the classification and modeling of network attacks and analyzes the characteristics of security events. Based on the concept of the attack tree, a network attack model is proposed. The model extends the concept of the attack tree by making network states the nodes and network attacks the edges. The analysis of an attack scenario shows that this model is able to describe the characteristics of network attacks, which is the foundation for assessing security states and performing attack prediction in the Security Integrated Management Platform.

Then, according to the proposed network attack model, this thesis proposes a methodology for generating attack graphs based on a production system and the RETE algorithm, and designs the overall model of the Security Events Integrated Analysis System. The author implements the generation and visualization of attack graphs, and then implements the Security Events Integrated Analysis function for the Security Integrated Management Platform.
Keywords/Search Tags: Security Resource, Attack Tree, Production System, Java Rule Engine, RETE Algorithm