Strategic Early Warning System Based On Information Fusion Research And Realization

As an important part of network security, Intrusion Detection System(IDS) softwares, such as NFR, ISS, are still main equipments of today. However, with hackers' knowledge keeping on growing, various auto-attacking devices emerge. Moreover, network attacking techniques become more and more complicated, thus the big data flow of network needs higher performance of computer system, and there are considerable problems remaining in the NIDS(Network IDS). Much more attention has been paid on Strategic Early Warning(SEW) technology in the network security field, because of its capability of predicting the probability that the main server would be attacked and presuming the attacking methods and potential results. In this paper, the concept of multi-sensor information fusion is put forward through the introduction and analysis of system model of SEWS&MAS(Strategic Early Warning & Monitoring Administration System) adapted for myriad network environment. So the framework model of historical alerts clustering and that of threat assessment are set up. Many ICs ( Information Collector) are organized to accomplish the jobs that one IC can't afford. The fusion pattern of historical alerts clustering performs to meet various queries for network security statement by using multilevel fusion system structure. The threat-assessment pattern analyzed the threat level to network security through multi-sensor fusion technology with the result of early warning analysis.Based on the fundamental fusion model and application of theory and methods of multi-sensor information fusion to the SEW subsystem, related methods of data mining are discussed particularly and studied deeply in this paper. One systemic method of clustering based on grid & density and that of multifactor threat assessment are designed to adapt for this system.With the help of related members in the project, the author of this paper has taken charge of designation and realization of two function patterns of SEWS&MAS, i.e. clustering pattern and threat assessment pattern.The innovation of this paper are mainly: by applying the technology of multi-sensor information fusion to SEWS, a multilevel clutering model that can be applied to myriad network environment is designed, and the theory model of information fusion based SEWS and methods of correlative fusion process are established.