
Design And Implementation Of Network Security Event Correlation Analysis

Posted on: 2016-12-26
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Wu
Full Text: PDF
GTID: 2308330482457907
Subject: Software engineering
Abstract/Summary:
With the spread of computers, people's lifestyles have changed greatly, and the application of computer networks has taken mankind into the information age. As networks develop and globalization deepens, computer networks play an important role in many fields. However, while computer networks bring people a great deal of convenience, security problems follow. The concept of information security has had different meanings at different times, so its description keeps changing: from military secrets to the secrets of private enterprises to personal information, from matters as large as state secrets to those as small as a small business's trade secrets or minors browsing harmful information. Network information security has been changing throughout, but in the final analysis it means using a series of security measures to protect the security, integrity and availability of information, so that information resources of all kinds are not damaged, leaked, altered or used without authorization. Intrusion detection systems (IDS) and other security products have therefore been widely used. However, existing IDS technology has not achieved the expected effect and has brought many new problems, such as a large volume of warning data, false positives and omissions, and unclear logical relationships. These problems adversely affect the application of IDS.

To address the false positives and false negatives in IDS alarm data, this thesis studies deep packet inspection in depth and combines it with IDS to remove false positives from the alarm data. To address the problem of querying massive amounts of data, the author introduces the Bloom filter, analyzes it in depth, and improves the Bloom filter algorithm. By using Bloom filters, IDS and deep packet inspection effectively reduce the false alarm rate of the alarm data and provide reliable data for subsequent correlation analysis.

Starting from the theory of network security event correlation analysis, the thesis designs and implements a network security event correlation system, and describes the system's theoretical basis, the improved algorithm, the back-end technology, and the design and implementation problems and their solutions. The Bloom filter algorithm was improved and used in the network security event correlation system. This not only did not affect the efficiency of intrusion detection but also effectively reduced the probability of false positive alarm events, providing reliable and accurate data for the subsequent correlation analysis. The improved algorithm was used to design a network security event correlation system, and the system was tested with DARPA2000 data. The results show that it can effectively reduce the number of false positives and improve the quality of alarm information.

This thesis analyzes the performance of the Bloom filter in depth and improves it, then combines the improved Bloom filter algorithm with deep packet inspection into a new alarm algorithm intended to reduce intrusion false positives, false negatives and so on. Based on the proposed algorithm and combined with an existing intrusion detection system, a network security event correlation system is built. Most of the functions of the network security event correlation analysis system were analyzed experimentally: an experimental environment was created, attacks were then analyzed through the network security event correlation system, and the analysis results were sorted and presented as web pages.
Keywords/Search Tags:Correlation analysis, IDS, Network security, Bloom filter