
WAN Security Early Warning System and Implementation

Posted on: 2006-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: J Song
GTID: 2208360155465238
Subject: Computer application technology

Abstract/Summary:
In recent years the Internet has developed considerably around the world, and the security of the network itself has become even more important. Network security is threatened mainly by intrusions into networked information systems. A network intrusion means any set of network activities that attempts to compromise the integrity, confidentiality or credibility of an information system. Present-day network security relies mainly on firewall protection; however, hackers can break through or bypass the firewall to attack, and the firewall is also powerless against mistakes made by users inside the network. Constant attacks pose a very great threat to protected data on the network. Many tools in this area collect relevant information by detecting system weaknesses and network configuration problems. Network security therefore has to be guaranteed by diverse means of many kinds. In current WAN security practice, research on WAN security early warning is undoubtedly one of the hottest technologies. A security early-warning system can detect attempted or actual intrusions into a system and react in real time.

This thesis presents research on implementing a WAN security early-warning system and introduces the technology of one such system in detail. The system consists of an event generation module, an event analysis module, a security early-warning model and an event response module. The event generation module adopts the more efficient NetFlow technology. The raw data it gathers is filtered and correlated, and the more useful data is stored in a database.

The WAN intrusion detection engine is designed around layered data analysis that combines statistical methods with data mining technology. First, traditional statistical analysis gives the raw data a coarse initial pass, and the results are stored in the database. Then data mining methods are applied: a data warehouse is established, and multidimensional data tables and OLAP are created. The analysis results are sent to the security early-warning model module, which uses them to establish normal values and set up an anomaly detection model. The model identifies network events that call for raising an alarm and requesting help, or for heightened vigilance, and passes them to the next stage, the event response and control module. In the response unit, effective measures (dropping the packet, reporting, logging) are taken to deal with the intrusion event. The system implements data collection, cleaning, transformation, storage, construction of multidimensional data tables, data analysis, rule creation, model building and response.
Keywords/Search Tags:Security Prewarning System, NetFlow, Data Mining, Anomaly Detection System, OLAP