
The Design And Implementation Of Security Operation And Maintenance Management Platform Based On OSSIM

Posted on: 2020-02-15
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhang
Full Text: PDF
GTID: 2428330596482447
Subject: Computer technology

Abstract/Summary:
As security awareness grows, security devices are deployed ever more widely. Security operations and maintenance managers face severe challenges in dealing with the massive volumes of data and false alarms these devices generate. Because different network devices emphasize different functions, the security devices run in isolation from one another. Professional analysis of security incidents shows an urgent need to pick the real threats out of the mass of security incidents and eliminate false alarms, so that users can accurately perceive the network security situation and manage security more efficiently.

The situation analysis system of the security operation and maintenance platform obtains data from various security devices and software, integrates heterogeneous network security devices, performs real-time correlation analysis of security events using predefined security rules, collects the current network detection data, carries out a corresponding security risk assessment using that data together with previously defined asset values, and finds the real threats among the massive number of security events. It enables users at different levels to perceive the network security situation accurately and offers suggestions and measures from different perspectives.

This paper first uses the OSSIM system as a prototype to analyze and study its technical architecture, to understand and master the principle and architecture of the open source security operation and maintenance platform, and to survey the related security technologies. Second, a requirements analysis of the platform functions demanded by the subject is carried out; in particular, the requirements for data collection, security event aggregation and correlation-analysis decision-making, which are the key research points of the subject, are analyzed and understood in detail. Then the detailed design and implementation of the data acquisition system are introduced, and solutions to the difficulties and problems encountered in the design and implementation are proposed. For different data acquisition objects, a detector and an abnormal monitor are used for acquisition, and a data normalization method is designed and implemented. Third, the correlation analysis decision system is analyzed and implemented in detail, and the advantages and disadvantages of different correlation algorithms are studied and explored. The correlation analysis function combines event sequence correlation with heuristic correlation and yields a set of effective security events. After that, the design and implementation of event aggregation are elaborated: similarity is computed between security events and aggregate alarms, and valid aggregate alarms are obtained from the massive security event alarm data. Correlation analysis is then based on event data with reliable trend characteristics, which makes its conclusions more credible. Finally, the effectiveness of the system was verified experimentally.
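The abstract describes a pipeline of four stages: normalizing heterogeneous device logs into one schema, aggregating similar events into alarms by a similarity measure, correlating event sequences with predefined rules, and weighting the result by asset value. The following Python sketch is an added example of that pipeline shape; it is not code from the thesis or from OSSIM. The two log formats, the regexes, the asset value table, the similarity threshold, the sequence rule and the risk formula are all assumptions, and the log lines are constructed.

```python
# Added example (not the thesis' or OSSIM's code): normalize -> aggregate -> correlate -> score.
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines from two hypothetical sources; both formats are assumptions.
RAW_EVENTS = [
    ("sshd", "2024-01-01T10:00:00 sshd[1]: Failed password for root from 10.0.0.5 port 1 ssh2"),
    ("sshd", "2024-01-01T10:00:05 sshd[1]: Failed password for root from 10.0.0.5 port 2 ssh2"),
    ("sshd", "2024-01-01T10:00:09 sshd[1]: Failed password for root from 10.0.0.5 port 3 ssh2"),
    ("sshd", "2024-01-01T10:00:20 sshd[1]: Accepted password for root from 10.0.0.5 port 4 ssh2"),
    ("fw",   "2024-01-01T10:01:00 DROP src=10.0.0.9 dst=10.0.0.1 proto=TCP dpt=445"),
    ("fw",   "2024-01-01T10:01:01 DROP src=10.0.0.9 dst=10.0.0.1 proto=TCP dpt=445"),
    ("fw",   "2024-01-01T10:01:02 DROP src=10.0.0.9 dst=10.0.0.1 proto=TCP dpt=445"),
]

# Constructed asset value table (1 = low, 5 = critical), the "previously defined asset value".
ASSET_VALUE = {"10.0.0.1": 5, "10.0.0.2": 2}

@dataclass(frozen=True)
class Event:
    """Common schema every source is normalized into."""
    ts: datetime
    kind: str      # "auth" or "fw_drop"
    src: str
    dst: str
    outcome: str   # "success", "failure" or "drop"

SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Accepted|Failed) password for \S+ from (\S+) port")
FW_RE = re.compile(r"^(\S+) DROP src=(\S+) dst=(\S+)")

def normalize(source, line, host="10.0.0.1"):
    """Map a raw line from a known source type into an Event; None if it does not parse."""
    if source == "sshd":
        m = SSH_RE.match(line)
        if m:
            outcome = "success" if m.group(2) == "Accepted" else "failure"
            return Event(datetime.fromisoformat(m.group(1)), "auth", m.group(3), host, outcome)
    elif source == "fw":
        m = FW_RE.match(line)
        if m:
            return Event(datetime.fromisoformat(m.group(1)), "fw_drop", m.group(2), m.group(3), "drop")
    return None

@dataclass
class Alarm:
    """An aggregate alarm: one row standing for `count` similar events."""
    first: datetime
    last: datetime
    kind: str
    src: str
    dst: str
    outcome: str
    count: int = 1

def similarity(ev, alarm):
    """Fraction of key fields a new event shares with an existing aggregate alarm."""
    pairs = [(ev.kind, alarm.kind), (ev.src, alarm.src), (ev.dst, alarm.dst), (ev.outcome, alarm.outcome)]
    return sum(a == b for a, b in pairs) / len(pairs)

def aggregate(events, threshold=1.0, window=timedelta(minutes=5)):
    """Fold each event into the first alarm it is similar enough to and close enough in time to."""
    alarms = []
    for ev in sorted(events, key=lambda e: e.ts):
        for al in alarms:
            if similarity(ev, al) >= threshold and ev.ts - al.last <= window:
                al.last, al.count = ev.ts, al.count + 1
                break
        else:
            alarms.append(Alarm(ev.ts, ev.ts, ev.kind, ev.src, ev.dst, ev.outcome))
    return alarms

def correlate(events, min_failures=3, window=timedelta(seconds=60), base_severity=3):
    """Sequence rule (assumed): >= min_failures auth failures from one source, then an auth
    success from the same source within `window`, is one incident scored by asset value."""
    incidents, failures_by_src = [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind != "auth":
            continue
        hist = failures_by_src.setdefault(ev.src, [])
        if ev.outcome == "failure":
            hist.append(ev.ts)
        elif ev.outcome == "success":
            recent = [t for t in hist if ev.ts - t <= window]
            if len(recent) >= min_failures:
                incidents.append({"rule": "failures_then_success", "src": ev.src, "dst": ev.dst,
                                  "ts": ev.ts, "risk": base_severity * ASSET_VALUE.get(ev.dst, 1)})
            hist.clear()
    return incidents

def run(raw=RAW_EVENTS):
    """Run the whole pipeline; returns (normalized events, aggregate alarms, incidents)."""
    events = [e for e in (normalize(s, l) for s, l in raw) if e is not None]
    return events, aggregate(events), correlate(events)

if __name__ == "__main__":
    evs, alarms, incidents = run()
    print(len(evs), "events ->", len(alarms), "alarms ->", len(incidents), "incident(s)")
    for inc in incidents:
        print(inc)
```

On the constructed input the seven raw lines become three aggregate alarms (three SSH failures, one SSH success, three firewall drops) and one incident, scored 15 because the target host has asset value 5. The similarity threshold of 1.0 means only events identical in all four key fields are folded together; lowering it trades alarm volume for precision, which is the false-alarm tension the abstract describes.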
Keywords/Search Tags: OSSIM, association analysis, information security