Designing Filter And Normalization Module In SOC

Posted on: 2010-12-13    Degree: Master    Type: Thesis
Country: China    Candidate: S Z Yan    Full Text: PDF
GTID: 2178360278970765    Subject: Computer software and theory
Abstract/Summary:
As information technology develops ever faster, how to avoid security risks and how to deal with all kinds of unexpected security incidents has become an important problem. At present, state-level communication platforms, government departments, telecommunications operators and very large enterprises all run their own networks, and those networks are large. Attention has therefore turned to the unified management, overall analysis and dynamic monitoring of information systems.

Individual network security devices respond to security incidents only within their own functions; they neither share nor exchange information, so each is an isolated island. A Security Operation Center (SOC for short) is a popular solution. By concentrating on the collection and analysis of the security incidents recorded in logs, it responds to threats in time and then reports to security managers in order to reduce security risk.

This thesis presents and analyzes existing SOC systems and proposes a new SOC framework in the context of specific projects. Based on the new architecture, the thesis defines the filtering module and the analyzing-normalizing module of the log pre-processing stage. After extensive research, two modes of the filtering module are proposed: the PRI filter and the field filter. Two difficulties in the analyzing-normalizing module are analyzed: parsing logs with a multi-level structure, and integrating different log formats. Solutions to these problems are given in accordance with current mainstream technology and protocols. The thesis also gives a design for the new SOC system that separates the procedure from the rules.
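The pre-processing stage the abstract describes, written out as an added example (it is not the thesis's code; the thesis gives none): a PRI filter, a field filter, a parser for a two-level log (a syslog header whose free-text message itself carries key=value pairs), and normalization of two input formats (syslog and a JSON event) onto one schema, with every rule held as data separate from the procedure that applies it. It assumes that "PRI" is the syslog <PRI> value (facility * 8 + severity, as in RFC 3164/5424); the rule table, the field names and the log lines are constructed for the example.

```python
import json
import re

# RFC 3164-style line: "<PRI>Mmm dd hh:mm:ss host app[pid]: msg"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<app>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# key=value pairs inside MSG: the inner level of the two-level structure
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# JSON events carry a textual level; map it onto syslog severity numbers so the
# PRI filter can treat both formats alike (assumed mapping for this example).
LEVEL_TO_SEVERITY = {"debug": 7, "info": 6, "notice": 5, "warn": 4, "warning": 4,
                     "error": 3, "critical": 2, "alert": 1, "emerg": 0}

# Rules are data, kept apart from the procedure that applies them.
RULES = {
    # PRI filter: keep events at this severity or worse (lower = worse) and
    # drop facilities that carry no security signal here (7 = network news).
    "pri": {"max_severity": 6, "drop_facilities": {7}},
    # field filter: drop an event when the field at this path equals the value
    "field_drop": [{"path": "app", "equals": "cron"}],
    # normalization: target field -> source path, one map per input format
    "normalize": {
        "syslog": {"src_ip": "fields.rhost", "user": "fields.user", "action": "fields.action"},
        "json": {"src_ip": "fields.client.ip", "user": "fields.user.name", "action": "fields.event"},
    },
}


def parse_syslog(line):
    """Outer level: the header. Inner level: key=value pairs found in MSG."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    pri = int(d["pri"])
    if pri > 191:  # 24 facilities * 8 severities - 1; anything above is malformed
        return None
    ev = {"format": "syslog", "facility": pri // 8, "severity": pri % 8,
          "host": d["host"], "app": d["app"], "msg": d["msg"], "fields": {}}
    for k, v in KV_RE.findall(d["msg"]):
        ev["fields"][k] = v.strip('"')
    return ev


def parse_json_event(line):
    """Second input format: a JSON object with a textual level."""
    try:
        obj = json.loads(line)
    except ValueError:
        return None
    sev = LEVEL_TO_SEVERITY.get(str(obj.get("level", "")).lower())
    if sev is None:
        return None
    return {"format": "json", "facility": obj.get("facility", 1), "severity": sev,
            "host": obj.get("host"), "app": obj.get("app"),
            "msg": obj.get("event", ""), "fields": obj}


def get_path(obj, path):
    """Walk a dotted path through nested dicts; None if any step is missing."""
    for part in path.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj


def pri_filter(ev, rule):
    return ev["severity"] <= rule["max_severity"] and ev["facility"] not in rule["drop_facilities"]


def field_filter(ev, rules):
    return not any(get_path(ev, r["path"]) == r["equals"] for r in rules)


def normalize(ev, rules):
    """Project a parsed event of either format onto the common schema."""
    out = {"host": ev["host"], "app": ev["app"], "facility": ev["facility"],
           "severity": ev["severity"], "source_format": ev["format"], "raw_msg": ev["msg"]}
    for target, path in rules[ev["format"]].items():
        out[target] = get_path(ev, path)
    return out


def preprocess(lines, rules=RULES):
    """parse -> PRI filter -> field filter -> normalize; returns (kept, dropped_count)."""
    kept, dropped = [], 0
    for line in lines:
        ev = parse_syslog(line) if line.startswith("<") else parse_json_event(line)
        if ev is None or not pri_filter(ev, rules["pri"]) or not field_filter(ev, rules["field_drop"]):
            dropped += 1
            continue
        kept.append(normalize(ev, rules["normalize"]))
    return kept, dropped


# Constructed sample input (not real logs): two formats, noise, and a malformed PRI.
SAMPLE_LINES = [
    "<38>Jan 12 10:00:01 gw1 sshd[4242]: action=failed user=root rhost=203.0.113.5",  # auth.info, kept
    "<78>Jan 12 10:00:02 gw1 cron[10]: action=run user=root",                          # dropped: app=cron
    "<59>Jan 12 10:00:03 news1 innd[7]: action=post user=anon",                        # dropped: facility 7
    "<999>Jan 12 10:00:04 gw1 sshd[1]: action=x",                                      # dropped: bad PRI
    '{"level": "warning", "host": "app1", "app": "portal", "event": "login_failed",'
    ' "user": {"name": "alice"}, "client": {"ip": "198.51.100.9"}}',                    # kept
    '{"level": "debug", "host": "app1", "app": "portal", "event": "cache_hit"}',       # dropped: debug
]

if __name__ == "__main__":
    kept, dropped = preprocess(SAMPLE_LINES)
    print(f"kept {len(kept)}, dropped {dropped}")
    for ev in kept:
        print(ev)
```

Because the filter thresholds, the drop list and the field maps all live in `RULES`, adding a third log format or tightening the PRI threshold is a data change, not a code change, which is the point of separating procedure from rules. The bound check on PRI matters in practice: a forwarder that accepts `<999>` and computes facility 124 will silently route the line past any facility-based rule.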
Keywords/Search Tags:SOC, Log, Filter, Analyze, Normalize