Research, Design And Implementation Of Warning System For Network Attack

Posted on: 2011-11-13
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhou
GTID: 2178360308461816
Subject: Computer Science and Technology
Abstract/Summary:
With the development and popularization of computer networks and related technology, e-commerce services such as online shopping, online payment and mobile payment are gradually entering public life. Network security problems now directly affect social and economic life. Compared to IDS, IPS and network security assessment, network security warning is more direct, safe and effective. Traditional network security products cannot guarantee the protected network against constantly emerging new threats. The essence of early-warning technology is to give early notification of active, dynamic attacks so that the security administrator can predict and estimate the risk proactively and in advance, and then take early preventive measures. Research on early-warning technology mainly covers three aspects: network intrusion, detection models, and audit analysis strategies. Combining these technologies forms an interactive, co-developing whole. The warning system for network attack described in this paper focuses on the first two aspects, especially the research and implementation of the detection model. This paper studies alert aggregation algorithms and the framework of an early-warning system for network attack. On the basis of this research, the paper proposes an extensible framework for a network attack early-warning system, after in-depth study of threat collection tools, alert correlation algorithms, related systems, DoS attack detection algorithms, common network attack methods and general prediction models.
Next, this paper briefly illustrates the overall structure of the proposed framework, especially the design and implementation of its alert aggregation and attack detection modules, on which the main work of this paper is based. First, this paper introduces the background knowledge for designing a network early-warning system, and then presents the overall system architecture design, the algorithm descriptions and the implementation of the core modules. After a concrete analysis of the system, this paper completes the general design of the alert collecting subsystem, alert aggregation subsystem and attack detection subsystem, and the detailed design of some important modules. Finally, the organization of the whole paper is summarized.
Keywords/Search Tags: Network Attack, Alert Aggregation, Alert Correlation, Attacks Predictions