
Design And Implementation Of Data Collection Agent In Unified Network Security Management

Posted on: 2010-11-06 | Degree: Master | Type: Thesis
Country: China | Candidate: X Zhuang | Full Text: PDF
GTID: 2178360275979561 | Subject: Computer application technology
Abstract/Summary:
Computer networks are now widely applied in every aspect of social life, and the importance of their security is constantly increasing. In response to network security challenges, various security products such as firewalls, intrusion detection systems, anti-virus systems, and identity authentication systems have been widely deployed in network systems, each protecting the network in a different respect. To achieve overall security, people regularly deploy multiple security facilities of various types in one network. But most of them have only a single function and lack a mechanism for cooperating with each other, which keeps them from bringing their capabilities into full play. Meanwhile, as the various security facilities become more and more specialized, the need to configure them and to analyze the massive volume of security information places high demands on the ability of network security operations personnel. These problems have made unified network security management technology, as a solution for the overall security management of the network, one of the most emphasized security technologies.
The unified network security management platform can be used to realize centralized collection and processing of security information, centralized monitoring of the network's security status, intelligent auditing of logs, security event management, and interaction between the various types of security products. In this way, it can effectively simplify the security management of the network and improve its overall security level. As the foundation for security event management, collecting data from security products is an important link in the processing chain of unified network security management.
In the unified network security management area, because the types of security equipment and the information formats vary, realizing integrated collection and finding a universal representation for security events and asset context information is an important problem, one that directly influences the ultimate effect of unified network security management and for which there is not yet an efficient solution.
In this thesis, after an overall introduction to the background, architecture and key technologies of the unified network security management platform, a data collection model is proposed. In this model, for the various security products that produce security information in the same way, only one data collection module is needed, which effectively shields the data access details of the individual products. The model also proposes a universal representation for security information from different sources, including the source identification method and the universal representation format. Meanwhile, the model uses a method based on a characteristic similarity function to solve the redundancy reduction problem. In addition, to meet the scalability requirement of unified network security management, a configuration distribution mechanism is introduced, which allows the number of data sources to be increased dynamically. Moreover, to address communication security, the model uses the SSL security protocol for communication. Finally, a detailed implementation of the model in a practical unified network security management platform project is presented.
Keywords/Search Tags: unified network security management, data collection, information retrieval, normalization