A General and Scalable Online Alert Correlation Method
Published: 2018-02-20 03:47
Keywords: alert correlation; causal logic; correlation graph partitioning; scalability; low overhead. Source: Journal of Computer Research and Development (計算機研究與發展), 2015, Supplement 2. Paper type: journal article.
Abstract: In large-scale networks, the high-rate alert streams produced by many different attack types place strict demands on an alert correlation method: it must be general across attack types, operate in real time, and keep system overhead under control. Most existing alert correlation research is built on centralized algorithm designs, which struggle to meet real-time requirements, and the few distributed alert correlation systems that exist have not considered load balancing or overhead control in depth. To address this, we propose CACDS (causal alert correlation on distributed system), a general and scalable online alert correlation method. CACDS uses a "dispatch-aggregate" mechanism in a distributed stream processing environment as the basic framework for online correlation. On top of this framework, CACDS performs correlation analysis with a causal logic approach: it uses relaxed matching of the prerequisites and consequences of alerts, which lets it detect a wide range of attack types effectively. To make full use of the resources of every node in the distributed environment, we propose a hybrid correlation graph partitioning technique: based on the computational and system overhead caused by each alert type, alerts are mapped to different correlation processes so that correlation runs in parallel, preserving real-time behaviour and low overhead. Experiments on a prototype built on the Storm platform show that, compared with other methods, CACDS achieves better scalability, higher throughput and lower system overhead.
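The abstract describes three mechanisms together: causal correlation by matching an alert's prerequisites against the consequences of earlier alerts, dispatch of alerts to parallel correlation processes according to a partition of the correlation graph weighted by per-type cost, and aggregation of the partial results. The following Python sketch is an added illustration of that pipeline; it is not the paper's code, and the causal rules, the per-type cost values, the sample alerts and the specific partition heuristic (keep each causally connected group of alert types on one worker, then place groups greedily on the least-loaded worker) are all constructed assumptions for this example rather than details taken from the paper.

```python
"""Added illustration of dispatch/aggregate causal alert correlation (not the paper's code).

Assumed model: each alert type declares prerequisite and consequence predicates. A later
alert is correlated to an earlier one (relaxed match) when any consequence of the earlier
alert equals a prerequisite of the later alert on the same target host; full parameter
equality is not required. Rules, costs and alerts below are constructed sample data.
"""
from collections import defaultdict

# Constructed causal rules: type -> (prerequisites, consequences).
RULES = {
    "port_scan":     ({"reachable"},     {"service_known"}),
    "web_exploit":   ({"service_known"}, {"shell_access"}),
    "priv_escalate": ({"shell_access"},  {"root_access"}),
    "brute_force":   ({"service_known"}, {"cred_known"}),
    "lateral_move":  ({"cred_known"},    {"shell_access"}),
    "dns_tunnel":    ({"root_access"},   {"exfil"}),
    "icmp_flood":    (set(),             {"dos"}),  # causally unrelated to the others
}

# Constructed relative correlation cost per alert of each type (assumed, not measured).
COST = {"port_scan": 1, "web_exploit": 3, "priv_escalate": 2, "brute_force": 4,
        "lateral_move": 3, "dns_tunnel": 2, "icmp_flood": 1}


def causal_components(rules):
    """Group alert types that can be linked by a consequence/prerequisite match.
    Types in different groups never correlate, so they can live on different workers."""
    parent = {t: t for t in rules}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, (_, cons_a) in rules.items():
        for b, (pre_b, _) in rules.items():
            if cons_a & pre_b:
                parent[find(a)] = find(b)
    groups = defaultdict(list)
    for t in rules:
        groups[find(t)].append(t)
    return sorted(sorted(g) for g in groups.values())


def partition(rules, cost, n_workers):
    """Assumed simple partition: each causal group stays whole, groups are placed
    heaviest-first on the currently least-loaded worker. Returns (type->worker, loads)."""
    loads = [0] * n_workers
    assignment = {}
    for g in sorted(causal_components(rules), key=lambda g: -sum(cost[t] for t in g)):
        w = loads.index(min(loads))
        for t in g:
            assignment[t] = w
        loads[w] += sum(cost[t] for t in g)
    return assignment, loads


class CorrelationWorker:
    """One correlation process: remembers the alerts it has seen and links each new
    alert to earlier alerts on the same host whose consequences satisfy its prerequisites."""

    def __init__(self, rules):
        self.rules = rules
        self.seen = []    # (alert_id, type, host, time)
        self.edges = []   # (earlier_id, later_id) causal links found by this worker

    def correlate(self, alert):
        aid, atype, host, ts = alert["id"], alert["type"], alert["dst"], alert["t"]
        pre = self.rules[atype][0]
        for eid, etype, ehost, ets in self.seen:
            if ehost == host and ets <= ts and self.rules[etype][1] & pre:
                self.edges.append((eid, aid))
        self.seen.append((aid, atype, host, ts))


def scenarios(edges, alerts):
    """Aggregate step: follow causal edges from alerts with no predecessor into chains."""
    succ, has_pred = defaultdict(list), set()
    for a, b in edges:
        succ[a].append(b)
        has_pred.add(b)
    chains = []

    def walk(path):
        if not succ[path[-1]]:
            chains.append(tuple(path))
        for nxt in succ[path[-1]]:
            walk(path + [nxt])

    for a in alerts:
        if a["id"] not in has_pred and succ[a["id"]]:
            walk([a["id"]])
    return chains


def run(alerts, rules=RULES, cost=COST, n_workers=2):
    """Dispatch each alert to the worker owning its type, then aggregate the results."""
    assignment, _ = partition(rules, cost, n_workers)
    workers = [CorrelationWorker(rules) for _ in range(n_workers)]
    for a in sorted(alerts, key=lambda x: x["t"]):
        workers[assignment[a["type"]]].correlate(a)
    edges = sorted(e for w in workers for e in w.edges)
    return edges, scenarios(edges, alerts)


# Constructed sample alert stream (ids, hosts and timestamps are made up).
SAMPLE_ALERTS = [
    {"id": 1, "type": "port_scan",     "dst": "10.0.0.5", "t": 100},
    {"id": 2, "type": "icmp_flood",    "dst": "10.0.0.9", "t": 105},
    {"id": 3, "type": "web_exploit",   "dst": "10.0.0.5", "t": 130},
    {"id": 4, "type": "brute_force",   "dst": "10.0.0.7", "t": 140},  # no prior scan on .7
    {"id": 5, "type": "priv_escalate", "dst": "10.0.0.5", "t": 200},
    {"id": 6, "type": "dns_tunnel",    "dst": "10.0.0.5", "t": 260},
]

if __name__ == "__main__":
    print(partition(RULES, COST, 2))
    print(run(SAMPLE_ALERTS))
```

With the sample data, the scan, exploit, privilege escalation and tunnel on 10.0.0.5 are aggregated into one chain (1, 3, 5, 6), while the brute-force alert on a host with no preceding scan and the flood alert stay uncorrelated. Because the example keeps each causal group on a single worker, a graph in which nearly all types are connected lands almost entirely on one process; splitting a heavy group across workers while still merging their partial chains is exactly the part a real hybrid partition has to handle, and it is not shown here.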
Affiliation: National Key Laboratory for Parallel and Distributed Processing (College of Computer, National University of Defense Technology)
Funding: National Natural Science Foundation of China (61379052); National High Technology Research and Development Program of China ("863" Program) (2013AA01A213); Hunan Provincial Natural Science Foundation for Distinguished Young Scholars (14JJ1026); Specialized Research Fund for the Doctoral Program of Higher Education, Ministry of Education (20124307110015)
CLC classification: TP393.08
Article ID: 1518687
Link: http://sikaile.net/guanlilunwen/ydhl/1518687.html