
Research And Implementation Of Distributed Network Security Early Warning System

Posted on: 2016-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: C Wang
GTID: 2308330473954558
Subject: Software engineering
Abstract/Summary:
With the rapid development of the Internet, current preventive measures cannot completely eliminate network intrusion. Network security early warning technology offers the ability to foresee attacks, and has therefore drawn the attention of the network industry. Network intrusions usually follow a certain order in time and space, and take place within a certain range of time and space. The attack process is divided into three stages: the first is scanning the network to identify the specific addresses of attack targets; the second is information collection, to gain a detailed understanding of the specific structure of the network's protection; the third is carrying out the attack, in which the target is destroyed or network information is stolen. This unity in space and time is especially prominent in cooperative attacks on distributed networks, which makes an early warning system for distributed network security feasible. By collecting actual network data packets for routine analysis and applying data association analysis, the system gains the capacity to analyze the intruding entity and to judge the future trend of the network. This thesis analyzes the nature of the network security system and the possibility of relieving the system from attack to a certain extent. Through an overall analysis of the network system, it establishes the overall framework of a network-based distributed network security warning system and analyzes the various architectures within the system. The network alarm correlation mining module works according to the principles of network data, using anomaly detection based on the corresponding session records, network technology and user behavior.
I hope, by means of advanced network technology, to detect the objects of network attacks in time and to issue the necessary warning of network intrusions promptly. The distributed network is divided into several different regions, and a regional network security early warning center is established in each region. Each regional center uses data association techniques to find relationships among intrusion data and to reduce data complexity, which effectively reduces false positives and false negatives. Alarm fusion techniques can be adopted to discover network attacks that the protection system cannot find. The history of previous attacks is stored in the network data repository, as a basis for accurately judging future attacks on the network. The thesis also introduces the concept of an attack track chain: by analyzing the paths of network attacks, the causal relationships between the various attacks are identified. The innovation of this thesis is to extract and analyze network data using a variety of techniques, to apply these techniques in the distributed network security warning system, and to design an IP-address-based data fusion model that greatly improves the working efficiency of the system.
Keywords/Search Tags:early warning data, distributed network, security, association data