Research And Application Of Event Management Based On Network Security

Nowadays,with the rapid development and popularization of the network today.network security threatening has become intensified[1][2][3],and the risk is increasing too.First,the mode of attack is more and more diversity,the mode of OS loophole,worms and user omissions are used quite commonly.Second,the range of attack is increasing gradually,all factors which can affect OS application such as network port,network foundation set are likely to be attacked.Last,for the problems caused by the security even increases gradually.and more and more safety equipments generated heterogeneous type of security events,which contain./Is a large amount of the un-must and unreliable information.So.to make a reasonable case for network security assessment,we must pick up real attack from the complex huge security incidents.So,it has become one of the hot issues that how to design and realize the dynamic network security management framework and the events of the integration and associated processing network security technology research in heterogeneous network environment.According to the problems,this paper presents a dynamic and autonomy network security architecture(DASN).This architecture is from the global perspective which can provide the network security condition analysis,management,and evaluation etc.Through the security node agent mechanism,DASN can provide dynamic expanded border security defense functions as well,and the autonomous security strategy model can effectively avoid risks of the access of from insecure nod.Besides,it can ensure the autonomy of strategy,and make DASN composed of product with different structures work according to the uniform strategy.The network architecture will combine security policy and OS management collection,and can realize policy configuration management system well[4].For the problem that how to describe the safe incident among different structure of the network environment,this paper proposed a event,collection and statute.Different structure of the network security events are divided into two categories,they are alarm events and fault time.Through the expand of the standard IDMEF,to adapt to description requirements of the different structure environment security incident,so it made security incident news format which can be expanded and used commonly for the network safety management.At the same time,to repeated and wrong security events,this paper proposes real-time algorithms which is based on attribute constraint strategy,using relevant network safety knowledge,which can reasonably reduce security events.