
Design And Research Of Security Event Analysis Platform Based On Data Mining Technology

Posted on: 2010-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: F Pan
GTID: 2178360278960719
Subject: Computer application technology
Abstract/Summary:
Computers and the Internet are changing our society, but they also bring information and network security problems. Administrators spend large amounts of resources on network security software and equipment such as firewalls and anti-virus programs, trying to protect the integrity and safety of their networks and data against attacks from outside or inside. All of these security programs and devices continuously record real-time data in the form of logs and alerts, and this data has become an important resource for defending against, detecting and responding to security events. In real network deployments, however, the security data is huge in volume and largely unstructured, so it cannot be used directly as actionable information. Deeper analysis of the data is needed in order to extract whatever is useful from it. Current database technology can store, sort and query this data efficiently, but it is hard to find potential threats or attacks in such large volumes, or to forecast trends from the current data. In recent years data mining has drawn increasing attention in the information industry: large amounts of data are in wide use, and learning and applying the knowledge hidden in that data is becoming more and more important.

The earliest theory in this area was put forward by Anderson in 1980: security management and audit analysis can be performed on the basis of known security events. After twenty years of research and development this has grown into a complete theory and practical application systems. Surveying the state of research at home and abroad, we found that most products target the analysis and management of security event logs, and there are many excellent research results and products among them. Faced with massive volumes of network data, however, analysing and managing known security data with traditional auditing technology is no longer sufficient.
Many organizations and companies at home and abroad are therefore actively researching and designing management products based on data mining technology. In view of the above, this work focuses on data mining for a security data analysis platform. Applying data mining and related techniques to the analysis of network security events not only overcomes the shortcomings of traditional audit-based management, but also lets users extract useful data from a sea of information, so that threats can be foreseen, analysed and evaluated more easily and accurately.

Based on this theory, and in the course of building a company project, this thesis implements a security analysis platform on a B/S (browser/server) architecture. The server is responsible for collecting and analysing the data and presenting the results to the user in the browser. The platform evaluates the security status of the network by mining and analysing security events from different data sources. Instead of analysing the data from each source individually, as is done traditionally, it applies data correlation analysis: events are matched against a pre-defined pattern library, and the degree of match is expressed as a confidence value, so that the security state of the network is clear to the user. The pattern library can be updated continually according to user needs, and new threats can be added as pattern rules. For the correlated events, a heuristic evaluation method computes a risk value and judges whether a security event constitutes a security incident. Users can then respond based on the status information produced by the analysis.

This thesis consists of two parts. The first is the collection and pre-processing of security events. Many kinds of security events occur on a network; the thesis analyses the logs and alarm information produced by network security devices such as IDS, firewalls, routers and gateways.
The second part, which is the core of the research, is the in-depth analysis of the data in the database: applying the correlation analysis of data mining and the pattern recognition of artificial intelligence to it, discovering the knowledge hidden in the mass of data, and judging the current security status of the network.

A major applied goal of this work is to provide a service for departments that operate several network security devices and a large computer network:
1. Using data mining and correlation technology to solve the problem that people cannot manage the large number of security events manually and lack a focused analysis of the data coming from different sources.
2. Providing an integrated event response system, including a continually updatable rule library for matching security event information.
3. Assisting users in dynamically calculating risk from the real-time analysis results for the current network status.

Shortcomings and future work:
1. Like many other network security evaluation tools, the platform is hard to verify; in particular, many functions of the pattern rules in the pattern library are difficult to verify under experimental conditions.
2. The platform only alerts on potential threats; it does not take any counter-measures.
3. The security event data comes from different data sources, and excessive data volume puts a heavy load on the server, which can occasionally crash in use.
To address these shortcomings, and building on the current research, we hope to continue in-depth research into data mining, neural networks and related technologies and to further improve and perfect the system.
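The following script is an added illustration of the correlation-plus-risk approach the abstract describes; it is not the thesis author's code, and the log formats, the rule ("pattern") library, the risk weights, the five-minute window and the incident threshold are all assumptions. It normalizes constructed firewall and IDS lines into one event stream, correlates them per source address inside a time window, scores each rule by its degree of match, and flags an incident when the heuristic risk value crosses the threshold:

```python
"""Toy security-event correlation engine in the spirit of the platform
described above. Added illustration only: the log formats, the rule library
("pattern library"), the risk weights, the time window and the incident
threshold are assumptions, not the thesis' design."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, loosely syslog-like; not captured from any device.
FW_LOG = """\
2010-05-16T10:00:01 fw1 DENY TCP 10.0.0.5:51000 -> 192.168.1.10:22
2010-05-16T10:00:02 fw1 DENY TCP 10.0.0.5:51001 -> 192.168.1.10:23
2010-05-16T10:00:03 fw1 DENY TCP 10.0.0.5:51002 -> 192.168.1.10:80
2010-05-16T10:00:04 fw1 DENY TCP 10.0.0.5:51003 -> 192.168.1.10:443
2010-05-16T10:00:05 fw1 DENY TCP 10.0.0.5:51004 -> 192.168.1.10:8080
2010-05-16T10:00:06 fw1 ALLOW TCP 10.0.0.5:51005 -> 192.168.1.10:22
2010-05-16T10:30:00 fw1 DENY TCP 172.16.3.9:40000 -> 192.168.1.20:445
"""
IDS_LOG = """\
2010-05-16T10:00:05 ids1 ALERT priority=2 sig="SSH brute force attempt" src=10.0.0.5 dst=192.168.1.10
2010-05-16T10:00:07 ids1 ALERT priority=1 sig="SSH login after brute force" src=10.0.0.5 dst=192.168.1.10
2010-05-16T10:30:01 ids1 ALERT priority=3 sig="SMB probe" src=172.16.3.9 dst=192.168.1.20
"""

FW_RE = re.compile(r"^(\S+) \S+ (ALLOW|DENY) (\S+) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
IDS_RE = re.compile(r'^(\S+) \S+ ALERT priority=(\d) sig="([^"]*)" src=([\d.]+) dst=([\d.]+)$')

def parse_fw(line):
    """Firewall line -> normalized event dict, or None if it does not parse."""
    m = FW_RE.match(line)
    if not m:
        return None
    ts, action, proto, src, dst, dport = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "kind": "fw_" + action.lower(), "priority": None,
            "detail": f"{proto}/{dport}"}

def parse_ids(line):
    """IDS alert line -> normalized event dict, or None if it does not parse."""
    m = IDS_RE.match(line)
    if not m:
        return None
    ts, prio, sig, src, dst = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "kind": "ids_alert", "priority": int(prio), "detail": sig}

def normalize(fw_text, ids_text):
    """Pre-processing step: parse both sources into one time-ordered list."""
    events = [e for e in map(parse_fw, fw_text.splitlines()) if e]
    events += [e for e in map(parse_ids, ids_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    return events

# Hypothetical pattern library: each rule lists (event kind, minimum count)
# conditions that must co-occur for one source address inside WINDOW.
RULES = [
    {"name": "port scan followed by IDS alert",
     "conditions": [("fw_deny", 3), ("ids_alert", 1)], "base_risk": 6},
    {"name": "IDS alert with allowed connection",
     "conditions": [("ids_alert", 1), ("fw_allow", 1)], "base_risk": 8},
]
WINDOW = timedelta(minutes=5)     # assumed correlation window
INCIDENT_THRESHOLD = 7.0          # assumed cut-off on a 0..10 risk scale

def match_degree(rule, window_events):
    """Fraction of the rule's conditions satisfied (1.0 = full match)."""
    counts = defaultdict(int)
    for ev in window_events:
        counts[ev["kind"]] += 1
    parts = [min(counts[kind] / needed, 1.0) for kind, needed in rule["conditions"]]
    return sum(parts) / len(parts)

def risk_value(rule, degree, window_events):
    """Heuristic risk: rule weight scaled by match degree, plus a bonus for
    the most severe IDS priority seen (1 = highest), capped at 10."""
    prios = [ev["priority"] for ev in window_events if ev["priority"] is not None]
    bonus = max(4 - p for p in prios) if prios else 0
    return min(10.0, rule["base_risk"] * degree + bonus)

def correlate(events):
    """Group events by source address, slide WINDOW over each group, keep the
    best-scoring window per rule and decide event vs. incident."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    results = []
    for src, group in by_src.items():
        for rule in RULES:
            best = None
            for start in group:
                end = start["ts"] + WINDOW
                window = [e for e in group if start["ts"] <= e["ts"] <= end]
                degree = match_degree(rule, window)
                risk = risk_value(rule, degree, window)
                if best is None or risk > best["risk"]:
                    best = {"src": src, "rule": rule["name"], "degree": degree,
                            "risk": risk, "incident": risk >= INCIDENT_THRESHOLD}
            results.append(best)
    results.sort(key=lambda r: r["risk"], reverse=True)
    return results

def analyze(fw_text=FW_LOG, ids_text=IDS_LOG):
    return correlate(normalize(fw_text, ids_text))

if __name__ == "__main__":
    for r in analyze():
        tag = "INCIDENT" if r["incident"] else "event"
        print(f"{tag:8s} {r['src']:12s} {r['rule']:36s} match={r['degree']:.2f} risk={r['risk']:.1f}")
```

On the constructed input, 10.0.0.5 fully matches both rules (five denies, two alerts and a subsequent allowed connection inside one window) and is reported as an incident with risk 10.0 and 9.0, while 172.16.3.9 only partially matches (one deny, one low-priority alert) and stays an event at risk 5.0. The partial-match degree is what the abstract calls the "matching degree of reliability"; in a real deployment the window, weights and threshold would be tuned per rule rather than fixed globally as here.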
Keywords/Search Tags: Internet Security, Data Security, Data Analysis, Data Mining, Correlation Analysis