Optimization And Implementation Of Abnormal Network Traffic Alarming System

Posted on: 2020-11-25
Degree: Master
Type: Thesis
Country: China
Candidate: J N Zhao
GTID: 2428330611482325
Subject: Computer technology

Abstract/Summary:
As computer network technology keeps advancing and finds more and more applications, network security has become a severe problem and one of the biggest challenges for our homeland security and economic development. Network security systems have developed alongside the internet. As the network security system was built, different kinds of defense systems were developed separately, including the abnormal traffic detection system and the attack tracing system. When there is a network security attack, security engineers receive multiple alarm messages with overlapping contents, which can bias their judgement of the severity of the issue and delay their response to security problems.

This article is based on existing network defense and monitoring techniques and combines network security resources from multiple network defense platforms. It relies on user-defined rules, properties, and thresholds to combine and optimize the different alarm messages from the abnormal traffic detection system and the attack tracing system. This largely improves the efficiency of processing network security alerts and identifying attacks, resulting in better network security. This article covers the following aspects:

(1) Analyzes user requests, functional requirements, and other secondary requirements based on practical situations. Based on a thorough analysis of the mechanism and content of the abnormal traffic detection system and the attack tracing system, and combined with the process of handling network security issues in practical work, this article provides a design of the system infrastructure and functional components. Furthermore, it designs each component in great detail, and defines and optimizes the rules for security event analysis.

(2) Based on the Arbor abnormal network traffic monitoring system, the Genie ATM attack tracing system, and a complex alarming platform and cloud application platform, develops an abnormal network traffic alarming system with Java and a MySQL database that provides an interface for the abnormal traffic detection system, the attack tracing system, and a complex alarming platform. Taking the division of current network security zones into consideration, this system adds user-configurable alarming rules and can combine redundant messages from the abnormal traffic detection system and the attack tracing system to determine the network threat level automatically.

(3) Performs tests on the newly developed abnormal network traffic alarming interface system. Test results show that the system can integrate and transmit alert messages from both abnormal network traffic detection and attack tracing. This results in delivering the alert messages in time, optimizing the message content, and improving the efficiency of the security alert process. This system has achieved its initial design goal.

This article is based on the existing network security defense system. It builds an alarm support system, integrates the existing systems, optimizes the warning content, improves the efficiency and accuracy of the user's judgment of an attack, and improves the efficiency of the system's attack defense. The research and development results of this article have scientific significance and practical application value.
Keywords/Search Tags:Abnormal traffic, Attack tracing, Network security, Alert message integration
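
The merging step the abstract describes, as an added example (not code from the thesis, whose system is written in Java): alerts from the two systems that hit the same target within a time window collapse into one event, and the event's threat level comes from per-zone thresholds. The field names, zone names, threshold values and the 300-second window are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed per-zone floors (Gbps -> threat level), highest first; user-configurable.
ZONE_RULES = {"core": [(10.0, "critical"), (2.0, "high"), (0.5, "medium")],
              "office": [(5.0, "high"), (1.0, "medium")]}
WINDOW = 300  # seconds; alerts on one target closer than this are one event

@dataclass
class Alert:
    source: str       # "detection" or "tracing" (constructed labels)
    target: str       # attacked address
    zone: str         # security zone of the target
    start: int        # epoch seconds
    gbps: float       # peak rate reported by the source system
    origin: str = ""  # entry point, reported only by attack tracing

def threat_level(zone, gbps):
    for floor, level in ZONE_RULES.get(zone, []):
        if gbps >= floor:
            return level
    return "low"

def merge_alerts(alerts):
    """Collapse overlapping alerts from both systems into one event per attack."""
    events, latest = [], {}  # latest: target -> most recent event
    for a in sorted(alerts, key=lambda x: x.start):
        ev = latest.get(a.target)
        if ev is None or a.start - ev["last_seen"] > WINDOW:
            ev = {"target": a.target, "zone": a.zone, "first_seen": a.start,
                  "last_seen": a.start, "peak_gbps": 0.0, "count": 0,
                  "sources": set(), "origins": set()}
            latest[a.target] = ev
            events.append(ev)
        ev["last_seen"] = a.start
        ev["peak_gbps"] = max(ev["peak_gbps"], a.gbps)
        ev["count"] += 1
        ev["sources"].add(a.source)
        if a.origin:
            ev["origins"].add(a.origin)
        # Re-evaluate the level each time the merged peak may have changed.
        ev["level"] = threat_level(ev["zone"], ev["peak_gbps"])
    return events

SAMPLE = [  # constructed: both systems report one attack, plus unrelated alerts
    Alert("detection", "192.0.2.10", "core", 1000, 1.8),
    Alert("tracing", "192.0.2.10", "core", 1060, 2.4, "border-router-1"),
    Alert("detection", "192.0.2.10", "core", 1200, 2.1),
    Alert("detection", "198.51.100.7", "office", 1100, 0.3),
    Alert("detection", "192.0.2.10", "core", 5000, 0.6),
]
```

On the constructed sample, five raw alerts reduce to three events, and the first event carries both the detection system's traffic figures and the tracing system's entry point.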