| With the rapid development and wide application of Internet,the treat mad lossesof network crisis such as w-orm virus,DDoS attack are increasingly expanded,whichmake the network security becoming the key for the next development of Internet andother application of network services Now-the network intrusion and attack behaviortrend toward distributed,large-scale,complicated and indirectly.It puts forward higherrequirement for the technology ofsecurity productNetwork security situational requirement for the technology of security productNetwork security situational awareness is a new-technology for large-scale networksecurity monitor.It extracts various data which can reflect the network status,mad usesthese advanced data to evaluate mad forecast the large-scale network situation Thetraditional network security data collection system can not be a data analysis platformbecause of the multiple data sources mad large data quantity.This article will focus onthe pre-processing technology ofthe basic data ofnetwork security,which applied to thenetwork security data collection,storage and statistical analysis It makes the networkadministrator clearly know-about the network state,forecast the network situation,applythe evidences for analyzing the situational data,assisting to assign the networkresources and make the decision for recovery.This article describes the basic situation of the network security situationalawareness,including the background of network security situational awareness system,the research actuality.It designed an architecture of Front-Agent,and then discussed thecollection methods of netflow data,vulnerability data,service data Finally,weintroduced Rank Decision Tree(RD-Tree)and it'S searching algorithm for efficientprocessing ofthe partial-max/min queries Through experiments,w-e show-our approachhas an efficient processing capability for partial-max/min queriesThe main w-ork is summarized as follows Firstly,w-e will discuss the design ofFront-Agent,integrated with existing network security tools for real-time networksecurity monitoring Secondly,w-e focus on the research of the network security datacollection,including netflow data,vulnerability data,service data Thirdly,multiple-source data combination and pretreatment will be discussed Finally,in orderto reduce the query response time significantly,we take the inquiry optimization ofmullti.dimensional data as research aim... |
PDF Full Text Request