The Design And Implementation Of Network Security Event Management System Based On Equipment Log

Posted on: 2018-06-05
Degree: Master
Type: Thesis
Country: China
Candidate: X Q Dai
GTID: 2428330566495791
Subject: Software engineering
Abstract/Summary:
In recent years, with the continuous development of network technology and the continued promotion of the "Internet +" concept, enterprises' operational demand for network applications has grown ever higher. To protect internal business systems from illegal access, virus propagation, malicious attacks and other network threats arising from system security issues, firewalls, IDS, IPS and other security devices have been widely deployed. However, each of these devices functions only in its own specific area; they cannot be managed in a unified way or cooperate with one another, and so form isolated security islands. Where business systems are complex and security islands are numerous, the network security event management system has become a key research direction for solving this problem. Through analysis of the research background and the status quo, several important function points and their related technologies are identified. Data processing uses Syslog, Netconf and other protocols to interact with the supported equipment, acquiring the original logs and delivering the related configuration. Event analysis not only classifies the original logs according to different purposes, but also performs in-depth filtering and analysis of them according to the system's built-in association rules. Risk analysis takes the pre-defined VaR matrix in ISO13335 as its reference model and proposes a risk value assessment algorithm based on "asset-threat-vulnerability" to analyze the risk of assets, business and the whole network. Security response takes the handling of security tickets as its main content, combining people and technology to deal with various cyber threats correctly and effectively. In addition, the system uses the MVC design pattern in its design, with the widely used SSH framework as its overall construction direction, greatly improving the robustness of the program. In terms of structure, the key technologies involved in the system are first introduced as a starting point for detailed description and analysis. Then, according to the requirements, the design and implementation of the system are described in detail. Finally, testing and verification prove that the system fully meets the business requirements of network security event management in function and performance.
Keywords/Search Tags:Network security event management, Event analysis, Association rules, Risk value assessment, Security response