Research And Application Of Network Security Event Detection Technology Based On Data Stream

Posted on: 2021-05-22 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Q Jing
GTID: 2428330602476836 | Subject: Computer technology
Abstract/Summary:
With the development of society and advances in science and technology, computer networks have rapidly become integrated into people's lives and work. At the same time, network security has increasingly become a pressing concern, making network security technologies and methods a research hotspot in recent years. Among these, the rapid discovery and analysis of network security incidents, so that they can be responded to quickly, is one of the key research directions; examples include the rapid detection of and response to malicious port scanning events and the rapid discovery and analysis of network information leakage events. This thesis first introduces and analyzes the concept of network security incidents and the methods and technologies used to detect them. Based on the needs of a provincial telecommunications network, the rapid detection of port scanning events and email leakage incidents is selected as the starting point for research on network security incident detection methods. Second, the characteristics of port scan events are studied and analyzed, and, according to the actual application requirements, a fast detection method for port scan events based on feature rules is given. Third, in order to quickly determine whether a text contains sensitive information, provide timely warnings, and prevent information leakage, typical text similarity analysis algorithms are studied and analyzed. The BLEU method, which supports rapid analysis of word-level similarity between texts, is selected and combined with the BERT-BiLSTM algorithm, which is based on semantic similarity analysis between texts, to achieve a comprehensive analysis of sensitive information in email content. In addition, in order to improve the speed and effectiveness of security incident detection and analysis, the thesis presents the application of data stream processing technology, the parallel computing architecture of Spark and Kafka, and a computing architecture for the rapid detection and analysis of security incidents. Finally, to verify and apply the above research results, a design for a security event detection system based on data streams is given. The system implements rapid detection of port scan events and email leakage events and is tested with actual data from the telecommunications network. The tests show that the system achieves the expected effect.
Keywords/Search Tags:cyber security, fast detection, port scanning, information leakage, text similarity, BLEU, BERT-BiLSTM, Spark, Kafka