| With the application of fiber optics communication and the technology of the high speed area net, the network bandwidth and function all had large promotion. It put forward the new request to the technology of network supervising.Among numerous technologies of network supervising which need to be promoted,under the condition of high speed network, how to guarantee online monitor ability without the decline of analysis performance become the focal point question that numerous network security researchers and manufacturers pay great attention to.The existing network security supervision system has already presented a shortage at high speed message capture and vast intrusion alert message analysis, it's in urgent need to high-speed networksecurity supervision system.This dissertation focuses on two core problems in high speed network security supervison system: high-speed packets capture and alerting message fusion[5].We researched the key technology of the sub-system for capture and storage of high-speed packets, carried on a general design of high speed network security supervison system; Preliminarily realized the sub-system for analysis system, presented a model of alerting message fusion, and it can better resolve problems of management of alerts, false positive and false negative; Afterwards, an algorithm for evaluation of attack severity alert is presented;Finally, we tested the performance of packets capture,data loading and alert message fusion. |
PDF Full Text Request