
Research And Design Of Distributed Network Security Warning System

Posted on: 2013-11-24
Degree: Master
Type: Thesis
Country: China
Candidate: X C Wang
GTID: 2248330374951838
Subject: Communication and Information System
Abstract/Summary:
The network has become an essential tool for work and learning, and network security has become an important issue for network applications. A major threat to network security is network intrusion. Network intrusion refers to any set of network activities that compromise the integrity, availability, reliability and confidentiality of information systems. Because of the limitations of the various security technologies, completely eliminating intrusion is impossible. Network security warning systems have attracted attention because they can predict the likelihood and consequences of the main attacks on network security. Network security early warning technology is a new network security technology that follows firewalls, data encryption, intrusion detection and other traditional security technologies. Compared with passive defense security technology, network security warning technology is a proactive security and defense technology, and it is also a necessary complement to the traditional security technologies. The technology will greatly enhance network security and defense capability.
After describing and analyzing network security warning systems, this paper gives the framework of a distributed network security warning system and the design of its sub-systems, which monitor network attacks and comprehensively analyze all types of information to find intrusion tendencies and potential or possible threats. The monitoring center module uses data mining technology for network security testing: it applies data-mining-based correlation analysis and classification analysis algorithms to network intrusion data and sets detection rules. The correlation analysis algorithm, the Apriori algorithm, has been improved to exclude meaningless rules that affect the results, and the established rules are applied to the detection of network attacks.
The regional warning center module is based on data fusion and implements a network intrusion prediction and threat assessment model. It uses two key technologies to integrate alarm data. The first is a correlation algorithm based on an address association map, which correlates the alarm data to analyze the attack path and the attacker's intent. The second is a network security posture assessment algorithm, which computes the attack energy of the attack period, the target, the attack source and the entire monitored network, and classifies the evaluated objects into four security levels: "inform", "warning", "alarm" and "emergency".
After analyzing the system design method, this paper presents experimental tests; the entire system reached the desired objectives in network attack detection, intrusion warning and network posture review. Finally, this paper gives the results of the experimental tests.
Keywords/Search Tags:network security, data mining, intrusion detection, data fusion, attack prediction