
Design And Implementation Of The Security Management System Based On The Linked Data And Semantic Correlation Analysis

Posted on: 2016-04-01
Degree: Master
Type: Thesis
Country: China
Candidate: D Cai
Full Text: PDF
GTID: 2308330479482189
Subject: Software engineering
Abstract/Summary:
With the rapid development of IT, the scale of infrastructure is growing. In large-scale infrastructure, security issues are becoming increasingly severe. To ensure the security of a system, its situation needs to be kept under control. At present, system security management is mainly based on a variety of different security tools, such as Nmap, OpenVAS and OSSEC. The diversity of data collection and network monitoring methods can provide rich data resources for network security management. But because the data is not integrated, the information is fragmented and isolated, which is not conducive to a comprehensive analysis of the network.

By analyzing the features of network security data and the needs of network security management, this thesis designs a model of security data integration and correlation analysis based on ontology and linked data theory. This thesis implements a security management system based on linked data and correlation analysis, providing solutions for multi-dimensional analysis of network security.

The main contributions of this thesis can be described as follows:

Firstly, the demands of network security management and the characteristics of security data are analyzed. The security ontology model is built and formally defined based on ontology and linked data theory, and the correlation relationships of the data are established. The relationships among security data are established based on properties and rules. Security data from different data sources is integrated, and the data of different instances of the same entity is associated. In this way the integration and association of the data is implemented.

Secondly, the data instantiated on the security ontology model is analyzed from different dimensions. By setting rules based on the properties, assets are related to other kinds of entities, and the same asset entity coming from different data sources is associated in order to carry out redundancy processing.

Finally, combining the security ontology model, the linked data is analyzed by semantic correlation functions. Algorithms for security ontology instantiation and provenance are designed. The state of an asset is analyzed by semantic distance, which can help to discover an abnormal state of the asset. With the provenance algorithm, we can find the linked data that is related to an abnormal log and find the associated data of the log.
Keywords/Search Tags:information security, linked data, semantic, ontology, correlation analysis