
Analysis And Research Of Event Processing In Network Security Management System

Posted on: 2017-06-24
Degree: Master
Type: Thesis
Country: China
Candidate: Z H Liu
GTID: 2348330518495447
Subject: Information security
Abstract/Summary:
With the growing number of Internet users, network security has become a matter of great concern. To address it, a network security management system brings firewalls, intrusion detection, anti-virus, vulnerability scanning and other security devices together to carry out network security work within the enterprise. In such a system, the security performance of the system is assessed mainly on the basis of its security events. As network security systems grow in scale, analysing network security events becomes increasingly difficult. First, security devices support a variety of communication methods, which makes it harder to collect events through the different channels. Second, the log file formats obtained through the various collection techniques differ considerably, which makes unified processing difficult. In addition, as the number of events and rules increases, the real-time behaviour and performance of event processing are affected. The core subject of this thesis is event processing, and the main work covers the following aspects:

1. The Rete algorithm is analysed and studied in detail; processing events with the rule tree algorithm produces a large number of secondary mismatches. The process of building the Rete network is improved: a hash map is used to sort the Type nodes of the Rete network and their values, and during implementation all the conditions in each filter rule are sorted. Simulation tests compare event processing performance before and after the improvement to the Rete algorithm. The results show that the proposed method is feasible and the improvement effective, giving the system better performance and efficiency during event filtering.

2. Related methods used in the network security management system are studied. The MD5 value of the policy already applied on a device is compared with that of the policy to be issued, to decide whether the policy needs to be sent to the device. This saves the time otherwise spent sending an identical policy. When a subordinate system is added, the system information is returned first and the subordinate device information is then reacquired, which improves the user experience of the system. When the cascade structure is updated, only the system's own information is returned, which avoids the communication failures that occur when transmitting long packets over long connections.

3. Based on the improved Rete algorithm and the methods proposed above, the event source module, event acquisition module and event processing module are designed and implemented. First, a normalization step is added to event processing to transform events collected in different forms into a file with a single format. Second, for event filtering, the thesis describes in detail how filtering rules are written, how a rule containing an "or" relation is split, and how the improved Rete network is constructed. Finally, every module of the system is tested, and the results are presented in figures.
Keywords/Search Tags: Network Security Management System, event processing, filtering rule, rule tree, Rete algorithm
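
To illustrate the filtering steps the abstract describes (splitting a rule that contains an "or" relation, indexing sub-rules by event type with a hash map, and sorting each rule's conditions), the following Python example is added here; it is not code from the thesis. The rule-tree format, field names, sample rules and the sort order (by field name) are assumptions, and events are assumed to be already normalized into dictionaries.

```python
from collections import defaultdict
from itertools import product

# Comparison operators allowed in a condition (constructed set, an assumption).
OPS = {"==": lambda a, b: a == b,
       ">=": lambda a, b: a is not None and a >= b}

def split_or(node):
    """Expand a rule tree into OR-free conjunctions (lists of conditions)."""
    kind = node[0]
    if kind == "cond":                      # ("cond", field, op, value)
        return [[node[1:]]]
    branches = [split_or(child) for child in node[1]]
    if kind == "or":                        # each alternative becomes its own sub-rule
        return [conj for branch in branches for conj in branch]
    # "and": combine one alternative from every child
    return [sum(combo, []) for combo in product(*branches)]

def build_index(rules):
    """Hash map: event type -> [(rule name, sorted remaining conditions)]."""
    index = defaultdict(list)
    for name, tree in rules.items():
        for conj in split_or(tree):
            types = {v for f, op, v in conj if (f, op) == ("type", "==")}
            if len(types) > 1:
                continue                    # contradictory sub-rule, can never match
            rest = sorted({c for c in conj if (c[0], c[1]) != ("type", "==")},
                          key=lambda c: (c[0], c[1], str(c[2])))
            index[types.pop() if types else None].append((name, rest))
    return index

def match(index, event):
    """Return names of rules matched by one normalized event (a dict)."""
    hits = []
    # Only sub-rules filed under this event's type (or under no type) are tested.
    candidates = index.get(event.get("type"), []) + index.get(None, [])
    for name, conds in candidates:
        if name not in hits and all(OPS[op](event.get(f), v) for f, op, v in conds):
            hits.append(name)
    return hits

# Constructed sample rules; names and fields are illustrative assumptions.
RULES = {
    "ids-high-or-ssh": ("and", [("cond", "type", "==", "ids"),
                                ("or", [("cond", "severity", ">=", 4),
                                        ("cond", "dst_port", "==", 22)])]),
    "fw-deny-or-virus": ("or", [("and", [("cond", "type", "==", "firewall"),
                                         ("cond", "action", "==", "deny")]),
                                ("cond", "type", "==", "antivirus")]),
}
INDEX = build_index(RULES)
```

Because each event is looked up by its type first, a firewall event is never evaluated against the IDS sub-rules, which is the kind of wasted comparison the abstract attributes to the unimproved rule tree.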