
The Design Of Network Security Situation Awareness System And The Implementation Of Key Module

Posted on: 2016-07-20
Degree: Master
Type: Thesis
Country: China
Candidate: L Li
Full Text: PDF
GTID: 2298330467491783
Subject: Computer technology

Abstract/Summary:
It is very difficult to ensure network security by relying on only a single kind of protection technology, such as firewalls, intrusion detection, or malicious code detection. To prevent network paralysis and loss of information resulting from network attacks, a technology and strategy are badly needed to help network administrators keep abreast of the overall health of the network, predict its future development, and respond rapidly to threats to network security. To achieve active defense, it is necessary to assess the network and predict the network security situation. Network security situation awareness technology is drawing great attention and has become a hot research topic.

To deal with the problems mentioned above, and based on the assessment process of network security situation, this paper designs a model framework for network security situation awareness and a situation assessment sub-model framework, and analyzes key technologies such as data collection, correlation analysis and situation assessment. On this basis, this paper presents the overall design of a network security situation awareness system, together with the detailed design and technical implementation of its key modules.

The main work of this paper is as follows:

1. Based on the framework of network security situation awareness and following a hierarchical design approach, it designs a network security situation awareness model framework and a situation assessment sub-model. Within the situation awareness model, it designs the functions of each level and analyzes the key technologies in the network security situation assessment process.

2. It designs the overall structure of the network security situation awareness system, which is divided into an interface layer and a functional layer. The functional layer is composed of data acquisition, index system, correlation analysis, situation assessment, security response, situation display and basic management modules. The paper gives the relationships between the modules and the data flow among them. The modules collaborate to achieve awareness of the network security situation.

3. Based on the overall structure, it presents the detailed design and technical implementation of the key modules of the awareness system. The specific modules are as follows:

Data collection: basic network data is obtained mainly through the Syslog protocol, the SNMP protocol and some network security management tools. The work covers the design and implementation of device network topology information construction, a Syslog data collector, an SNMP data collector, collection of network attack detection data, regularly scheduled tasks, and agent data management.

Indicator system module: it designs and implements indicator management and dynamic configuration.

Correlation analysis module: it uses a correlation analysis technique based on attribute proximity to analyze network security events, and designs the specific steps of the algorithm.

Situation assessment module: it uses AHP to determine the index weights. Through the analysis and construction of a fuzzy matrix, it completes the evaluation of the network security situation. It also designs the steps of the network security situation assessment.

Security response module: it covers the linked response operations carried out when the system perceives a threat, including system response and human response. The paper shows the design of the response process.

Trend display: it presents basic information, alarm information and assessment results, and designs various ways to display this information.
Keywords/Search Tags: situation awareness system, data collection, correlation analysis, situation evaluation