
The Collection Of Security Data On Campus Network And The Design And Realization Of Centralized Analysis And Processing System

Posted on: 2018-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y T Zhang
GTID: 2348330512995184
Subject: Computer technology
Abstract/Summary:
The rapid development of computer technology is a double-edged sword: it has brought great convenience, but network security problems have at the same time become increasingly serious. To keep the network safe, the campus network has deployed a variety of network security equipment and systems, such as an Intrusion Prevention System (IPS) and a Web Application Firewall (WAF), which generate a large amount of security data (mainly log data). This security data records in detail the various attacks on campus network sites. By collecting and analyzing it, we can separate the misinformation (false alarms) from the real intrusion data.

However, this security data is scattered across the various systems. An administrator has to log on to each system to learn its security situation, which is very cumbersome, and it is difficult to get a comprehensive and objective understanding of campus network security from scattered data. A data acquisition, analysis and processing system is therefore urgently needed to integrate this data, analyze it in a unified way, show the results of the analysis dynamically, and feed the results back to the security administrators so that they can adjust how strict intrusion detection is. This study is based on these requirements, and the main work includes the following aspects:

(1) Data collection and storage: the security data produced by the Intrusion Prevention System (IPS) and the Web Application Firewall (WAF) is gathered by the log collection server and stored in a database, and sorted data is obtained through simple data cleansing and completion.

(2) Data analysis: the sorted data obtained in the previous step is analyzed, and both the misinformation and the intrusion data are screened out of the security data according to the archival information of the attacked system and the characteristics of the intrusion behavior.

(3) Dynamic visualization: histograms, pie charts, line charts and other charts show the analysis results dynamically and intuitively, which helps give an intuitive understanding of the overall security of the campus network.

(4) Email notification: email containing the intrusion data and the misinformation is sent to system owners and security administrators so that they can respond effectively and in a timely manner.

The thesis explains the collection of security data on the campus network and the design and realization of the centralized analysis and processing system, and introduces the technical approaches applied. The system not only reduces administrators' operations and workload and improves work efficiency, but also allows a more comprehensive and objective grasp of the status of campus network security. Furthermore, it can improve the school's network defense level and protect campus network security.
Keywords/Search Tags:Network Security, Data Collection, Data Cleansing, Data Analysis, Dynamic Visualization