Research on a Network Threat Analysis System Based on Multi-Source Logs
Topic of this thesis: multi-source logs. Angle: network threats. Source: Beijing Jiaotong University, 2014 master's thesis. Thesis type: degree thesis.
[Abstract]: With the rapid development of computer and network technology, networks keep growing in scale and network security problems are becoming increasingly prominent. The hosts, applications, network devices and security devices deployed in a network system generate large volumes of log data every day, recording the security events that occur in the system. As a faithful record of the running state of a computer network system, logs are essential for maintaining network security and monitoring system operation; they are one of the important data sources reflecting the network security situation and an important data source for current network threat analysis systems. In recent years, network attacks have become increasingly complex and distributed: a single attack consists of multiple stages, and those stages may be carried out at different network nodes. A single event log is too fragmentary to reflect the full picture of such an attack, so planned, multi-stage, complex attacks cannot be captured from it. Network threat analysis based on multi-source logs performs correlation analysis over the logs of all nodes in the network, detects threats from multiple levels and angles, and uncovers hidden threat behaviour in the system. This thesis first discusses the research background and significance of multi-source-log-based network threat analysis and summarizes the state of research in China and abroad; it presents the concepts and classification of network threats and existing network threat models, gives a qualitative description and classification of logs, analyzes the characteristics and formats of each log type in detail, and points out the important role of logs in network threat analysis. It then describes the technologies involved in multi-source log analysis, including multi-source log collection, processing and data storage. On this basis, a network threat analysis system is designed and implemented, then deployed and evaluated experimentally. Finally, the main work of the thesis is summarized and the next steps for multi-source-log-based network threat analysis are identified.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year of degree]: 2014
[Classification number]: TP393.08
Article number: 1644207
Article link: http://sikaile.net/guanlilunwen/ydhl/1644207.html