Research On Security Risk Early Warning Technology Of Airport Network

The Airport Information System undertakes check-in,flight control,aircraft loading balance,departure control and other functions.It has many information types and complicated business processes,and also plays an important role in ensuring the orderly operation of flights.While the airport network,as a neural hub,guarantees the normal operation of the airport information system.Once it fails or is attacked,it will influence the normal operation of the business,resulting in a large area of flight delays,passengers can't check in,a waste of human and financial resources.In recent years,network security incidents occur frequently in civil aviation,the attack launched on airport network has been increasing year by year,in order to ensure the safety and orderly operation of the airport network,it is urgent to establish a set of risk warning system to monitor the running state of airport network,in time to detect network security incidents.Firstly,we solve the heterogeneous problem of multi-source log by collecting the log data of the security equipment in the airport network,then cleaning the log,eliminating redundant and incomplete attributes log,extracting key attributes in the log and normalizing the multi-source log in XML format.Secondly,in order to improve the processing efficiency and the degree of polymerization of the log,through the study of log analysis,four log aggregation rules are defined,and the classification is classified according to the priority level,the multi-source log is aggregated by the improved dynamic time-interval threshold algorithm.Thirdly,in order to find hidden attacks from the hyper-alert log,get real attacks,reduce the false alarm rate of security incidents.The improved D-S evidence theory is used to fuse the hyper-alert log formed after the aggregation.Finally,to constitute a model of airport network security risk early warning system.Through the use of Spring MVC framework to achieve the system,to show the integration of the threat event and to provide a visual interface for the administrator.The results show that the improved multi-source log aggregation algorithm and fusion algorithm can improve the log aggregation degree and reduce the false alarm rate of the security alarm event.The risk early warning system can accurately forecast the threaten event,improve the airport's network security and the efficiency of human-computer interaction.