Research On Network Security Situation Fusion Analysis Method Based On SFlow And SNMP

Posted on: 2014-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: C Q Han
GTID: 2268330425966497
Subject: Computer application technology

Abstract/Summary:
With the continuous improvement of network technology, the formation, composition and applications of today's networks tend to become more complicated. As these factors grow more complex, traffic in the network surges and the load on network equipment increases with the size and complexity of the data transmitted in the network, which includes both normal data and a variety of intrusive data. These factors pose a serious challenge to the security of the network and the availability of network equipment.

As a new technology booming in the field of network security, network security situational awareness uses multi-source heterogeneous data collected from the network to obtain the current network state and predict its future state, so that abnormal behaviors such as network attacks can be identified, defended against and warned of before they occur. Based on the application characteristics of sFlow and SNMP in the field of network security situation, this thesis approaches the problem through the data fusion algorithm and improves the data sources of network security situational awareness, enhancing the accuracy and real-time performance of situational awareness.

The thesis first describes the research status of network security situational awareness at home and abroad, together with multi-source heterogeneous data acquisition technology, and points out that data fusion occupies a key position in situational awareness.

Second, the thesis focuses on the sFlow data format and sampling mechanism and the SNMP data format and transport mechanism. Data acquisition is designed and implemented according to the characteristics of these two multi-source heterogeneous data sources, followed by an analysis of their complementary advantages in the field of network security situational awareness.

Third, according to the characteristics of multi-source heterogeneous data sources and in combination with network security situational awareness, the RST-DS data fusion algorithm is put forward. The algorithm combines rough set theory with the strong complementarity of evidence theory. Network security situational awareness events are classified and simplified, their evidence is fused, and finally the security situation is analyzed.

Finally, a network security situational awareness data fusion analysis verification system is designed and implemented. Combined with simulation tools to simulate and analyze multi-source heterogeneous data, it verifies the advantages and role of the fusion algorithm, and the thesis points out its shortcomings and future research directions.
Keywords/Search Tags: Data Fusion, sFlow, security situational awareness, RST-DS