| In recent years,the application of computer networks has increasingly penetrated into various fields of social production and life,making cyberspace security protection increasingly a research hotspot,and relevant technologies in the security fields such as firewalls,intrusion detection,and virus prevention have become increasingly mature.However,for comprehensive analysis and application of multi-faceted data related to network security,in-depth research is needed,such as:comprehensively collect and analyze the security data of the entire network to evaluate the overall security situation of the network,and support the decision-making of network security management;For network attack events,based on the analyze of internal logical relationships such as spatial and temporal relationships,analyze the logic of attack behavior.So firstly,this article conducts a detailed study and analysis of the techniques and methods of Data Flow,Alert Aggregation,Alert Correlation,Fuzzy Comprehensive Evaluation,and Analytic Hierarchy Process.Improve the Multi Factor Based Alert Correlation method according to the actual application requirements,propose the Data Flow Oriented Alert Correlation Analysis method.The experimental results show that this method can effectively correlate multi-step attacks and has high operating efficiency,which can meet the actual needs.Secondly,In order to make the above research results practical,a Telecommunication Network Security Situation Analysis and Evaluation System is designed based on detailed analysis of actual needs.It's main capabilities include:real-time alert correlation analysis based on the method proposed in this article and situation assessment based on Fuzzy Comprehensive Evaluation and Analytic Hierarchy Process.Finally,implement and test the actual system.The test results show that the system can effectively achieve the expected function. |
PDF Full Text Request