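Application Service Security Monitoring System for the Public Security Information Network
Published: 2018-04-16 04:29
Topic of this paper: application service + security monitoring; Reference: Beijing Jiaotong University, 2014 master's thesis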
[Abstract]: As the Ministry of Public Security's informatization work deepens, public security work depends more and more on networks and application systems. The secure, stable and reliable operation of the key application systems on the public security information network is therefore the main task and objective of the information management department. Traditional network security settings, however, cannot evaluate and analyze whether application systems are being used appropriately, and cannot monitor or raise alarms on network behavior such as stealing or destroying data. Products such as firewalls and anti-virus software provide access control, detection and removal of viruses and Trojans, and protection against network attacks, but security protection still has two shortcomings: (1) there is no security measure that looks at applications from the perspective of traffic; (2) there is no means of dealing promptly with abnormal behavior events. The application service security monitoring system for the public security information network built in this project performs comprehensive, systematic security analysis of abnormal network traffic, monitors the network traffic of application systems in real time, and promptly detects and locates intrusion attacks against key application systems and databases, network policy violations and similar behavior. It gives security administrators a tool with a friendly interface for monitoring, analyzing and handling traffic, and raises the overall level of security monitoring and protection on the public security network.

Starting from an analysis of the application service security monitoring system for the public security information network, this thesis studies the principles of traffic monitoring in depth. Based on an analysis of the system requirements, the system is designed in three parts: traffic monitoring, centralized supervision, and alarm handling. The network security monitoring system is deployed out of band (bypass deployment) and acquires network traffic data in real time, collecting the traffic of the core switch of the provincial department's information center (or of the front-end switch of a key application system) through port mirroring. It uses fast protocol analysis, which makes effective use of the layering of network protocols and of the information carried by related protocols: through protocol parsing of packets, data reassembly, command parsing and so on, it quickly determines the application type of the traffic and promptly detects network traffic anomalies. The system uses application-layer DPI, automatically matching signatures to identify the application type and obtain the application-layer content; administrators can then analyze applications according to custom policies.

Through requirements analysis and design, this thesis implements a service system that provides traffic monitoring and centralized supervision and is equipped with an alarm function. The system enables administrators to carry out business security analysis and network-layer traffic analysis, providing data and model support for network optimization, and also provides an effective solution for application security. It also provides a large amount of text material for further academic research. I was primarily involved in, and completed, the development of the traffic monitoring system. The system provides a simple, easy-to-operate solution for security monitoring of the public security information network, greatly reducing the workload of network administrators and improving their efficiency.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1757317
Article link: http://sikaile.net/guanlilunwen/ydhl/1757317.html