
Research On Network Security Event Detection And Fusion Analysis Technology

Posted on: 2018-04-25
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Wang
GTID: 2348330542472264
Subject: Computer Science and Technology

Abstract/Summary:
The development of Internet technology brings great convenience to daily life. However, the security problems caused by security flaws also threaten the interests of citizens: privacy disclosure and property loss are frequent. Network security event protection has been put on the agenda, and the demand for protecting the Internet from malicious intrusion is growing. Simple computer protection technology is far from able to meet the needs of network environments, so network security event detection and fusion analysis is imperative.

This paper has two main research topics. The first is the detection of network security events: a model is established to generate the most effective network security event detection rules. The second is the fusion analysis of network security event alarms after a network intrusion, which restores the process of the attack on the system and helps the system administrator analyze the system's weak points.

In the detection of network security events, the accuracy of the detection rules is very important. To reduce the false alarm rate and the false negative rate, effective detection rules must be set up. Setting detection rules manually is time-consuming and inefficient. At present, the main problems of related research at home and abroad are that the rule generation model is complex and the detection efficiency is not guaranteed. Aiming at these two shortcomings, this paper presents a particle swarm optimization (PSO) detection rule generation model with a mutation operation. The model uses the advantages of PSO to reduce complexity and quickly searches for the optimal rule in the rule space. To overcome the shortcoming of premature convergence, a mutation operation is added during particle swarm iteration, so that the swarm retains the ability to search for the optimal solution in the rule space after it has converged prematurely. Finally, a prototype system based on the proposed model is written and tested, verifying that the PSO algorithm with the mutation operation can ensure the detection efficiency of the generated rules.

Network attacks are becoming more and more complex. An attack usually goes through a number of steps, during which the system generates a large amount of alarm information. Extracting effective information from complex system alerts and correctly restoring the process of the attack is a challenge for system administrators who must repair system defects afterwards. This paper studies this problem and finds that current network security event fusion analysis methods are mainly based on the analysis of known attack information: they can do nothing about unknown attacks, require a large amount of training data, and use complex and inefficient algorithms. This paper proposes a new model of network security event fusion analysis from the perspective of alarm correlation analysis. Using the event correlation analysis method of Bayesian networks, equality constraint sets are introduced into the analysis process, and a large number of alarms are analyzed. A time constraint relationship is added to the calculation of the alarm correlation matrix values to filter out interference from expired alarms and ensure that the attack process is restored correctly. Finally, the proposed model is used to restore the attack process in an attack scenario, which verifies the correctness of the model.
Keywords/Search Tags:Network security event, Detection Rules Generation Model, Particle Swarm Optimization, Alert fusion analysis