The Analysis And Design Of The Network Security Management Platform With Security Check And Situation Awareness Capability

Posted on: 2014-01-29
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhang
GTID: 2248330398471985
Subject: Information security

Abstract/Summary:
With the rapid development of networks, using the Internet has become an indispensable part of people's lives. However, the new technologies that propel technological growth and innovation, such as cloud computing, third-generation technology and the Internet of Things, also bring many security hazards to the network environment. To cope with these changing challenges, deploying firewalls, anti-virus software, IDS and integrated devices can establish a 'security fort' for the network. Nevertheless, the rules of these security devices differ from manufacturer to manufacturer, so the devices address security hazards differently. As a result, the devices operate independently of each other with different data structures, forming thousands of isolated 'islands' of security defense and information, and network administrators cannot see the real threats among the mass of data.

To solve this problem, some security firms have released security management platform products. However, handling security events drawn from a mass of heterogeneous information sources is both the core of such a platform and the obstacle to its development. Because traditional log collection and database queries are no longer efficient, a technique called network security situation awareness, based on data fusion and association analysis, has emerged.

Based on the analysis and study of previous work, this paper designs a network security management platform with security check and situation awareness capabilities: a system with a distributed multi-layer structure that optimizes the capability of network management.

The platform's security check function examines the network security profile from eight different aspects: network access ability, network security isolation exchange capacity, network attack detection ability, leak detection ability, network virus prevention capacity, leak repair ability, host safety management ability, and network security management and supervision ability. Together these give a holistic evaluation of the system and reflect the actual security situation. This paper designs the security check rules and proposes implementation methods and running interfaces for them.

The platform's situation awareness function applies priority determination, risk assessment and data association to security events. The value produced by that process is how the platform realizes network situation awareness. This paper puts forward a process for network security situation awareness.

In addition, this paper designs a security event data structure suited to the system, based on the prototype of the IDMEF data model. The new structure can not only describe security events but also manage devices, an improvement that meets practical requirements. Applied in the program design process, this data structure reduces redundancy and raises programming efficiency.
Keywords/Search Tags: network security, security management, situation awareness, security check, data structure