| With the development of network society and the extension of Internet and Intranet, the applications of network become more and more complicated, and the problems of network security become more and more acute, even increase as geometric series. Hackers and viruses bring unprecedented challenges to the network. Although the security technology is also studied more and more deeply, the studies are focusing on separate security technologies at present. Most security products only target single secure flaws, which are not sufficient to meet today's security threats. In order to solve the security issues more comprehensively, Integrating various security technologies and security products to construct a comprehensive network security defense system——SIM (Security Integration Management) is a trend.Based on the analysis about the technologies related to the field of information security, this theme's main point is to research on the OSSIM system based on the correlation engine technology. The system consists of data collection, data correlation, database and console modules, which includes current security field's complete course——from assessment, protection to detection, response.The main work and the feature are as follows: The system's architecture, function, flow and working principle are analyzed systemically. And as the core technology of SIM, the correlation engine technology and its algorithm are researched in detail. Based on the above work,the system is implemented in Linux environment,and test the event sequence correlation. |
PDF Full Text Request