Research On Technology And Method Of Security Event Management For Mobile Communication Network

Posted on: 2016-08-25
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhao
GTID: 2348330488974516
Subject: Engineering

Abstract/Summary:
Mobile communication technology has evolved rapidly from 2G/3G to the current 4G stage. The emergence of fourth-generation communication technology has accelerated the development of communication technology and expanded the connotation and scope of existing mobile communication technology, making it more suitable for all mobile subscribers. With the emergence of soft-switching technology, the communication network evolved from traditional TDM and ATM transport to IP transport. This transformation gave attackers a more open platform. Although telecommunication operators have taken appropriate measures for security protection and security isolation during the network planning stage, every piece of equipment still has to be protected independently. As a result, the numerous security devices produce a large number of heterogeneous security incidents, the volume of network security events grows, and many of these events carry redundant or unreliable information. The network management team arrives at a reasonable network security evaluation and the right response by searching for real attacks among the heterogeneous security incidents. For all kinds of security incidents generated by security devices, correct and reasonable evaluation and response ensure the safe and reliable operation of communication networks.

This paper analyzes the impact of various types of security incidents on the mobile communication network, and studies the precision of correlation and the accuracy of early warning for network equipment security events.

Because mobile communication networks contain a large amount of equipment, with equipment alarms, performance alarms, logs and events, the research is built on security event correlation in order to better manage mobile communication network security incidents.

The aim is to analyze security alarms efficiently, perform security mining, judge the severity of security incidents, and achieve substantial results in actual engineering practice. First, this paper adopts correlation methods based on rules, statistics, assets and behavior. Establishing the ISMP (information security management platform system) makes it possible to handle security incidents that come from different manufacturers or different devices.

Second, security event handling is the process of event collection, preprocessing, correlation analysis and incident response. The core of the whole security event handling process is security event correlation analysis. Taking the characteristics of the mobile communication network into account, this paper focuses on how to improve the accuracy of security event correlation. A hybrid correlation model is proposed according to the characteristics of the Petri net pattern matching model, which improves security event correlation.

Finally, in view of the way operators currently handle security issues, namely passive defense (responding only after a security incident occurs), this paper puts forward a risk management model that defines the risk level of equipment based on a risk calculation over threat, vulnerability and asset value. Triggering warning sources realizes early warning of security incidents and active defense against them. Risk management is realized through the security event correlation analysis process, and the accumulation of a knowledge base makes it possible to set up an active defense system in the mobile communication network, forecast impending security threats, and let the security protection system respond in advance.
Keywords/Search Tags:Communication networks, Security incidents, ISMP, Event correlation, Warning