Research And Implementation Of Stream Cube Construction Techniques For OLAP Analysis Of Network Security Incidents

Internet is a national key information infrastructure. Monitoring and controlling the Internet network security incidents in real time is key to insure Internet running normally. Monitoring and analyzing the state of Internet network security is the precondition of controlling it in real time. On-Line Analytical Processing (OLAP) is an important technique of data analyzing, which could be used to analyzing the state of Internet network security. Data cube is needed for efficient OLAP data analyzing, however, the construction of data cube is not suitable for network security data as its characteristics of burst and massiness, which limits the application of monitoring the state of Internet network security.This thesis proposes a Data Stream Management System (DSMS) based method of construction of data cube, which pre-calculate the Internet network security monitoring data with DSMS, update the data cube incrementally and maintain it.The main contributions of this thesis are summarized as follows:1. This thesis proposes the construction method of Time-Sliced Stream Cube(TSS-Cube) on the base of profound study of characteristics of network security monitoring data stream, techniques of processing of data stream and OLAP techniques.2. This thesis proposes improved table joining techniques, because in the procedure of constructing data cube, big dimensional table joining is very time-consuming. This thesis also tests its validity.3. This thesis proposes the concept of hybrid database mode (based on DSMS and DBMS), which offer the policy makers the convenience of registering big-windowed query. According to the practical context, this thesis raises the data cube incremental update algorithm and tests its validity.4. Since the need of network security monitoring, based on the techniques above, this thesis implements YH-STREAM used to constructing data stream cube which is the sub-system of network security analysis system. YH-STREAM supports the constructing of TSS-Cube, and hybrid database based storages and queries. This sub-system has been deployed already.