本文選題：通信網(wǎng)絡(luò) + 安全事件　； 參考：《西安電子科技大學(xué)》2015年碩士論文

【摘要】：隨著通信技術(shù)的飛速發(fā)展,已經(jīng)經(jīng)歷了從2G到3G再到4G的階段,第四代通信技術(shù)的出現(xiàn),加速了通信技術(shù)的發(fā)展過程,拓展了原有移動(dòng)通信技術(shù)的發(fā)展內(nèi)涵和范疇,將更加適合所有移動(dòng)通信用戶。軟交換技術(shù)的出現(xiàn),促使通信網(wǎng)從傳統(tǒng)TDM、ATM的傳輸方式向IP化的方式轉(zhuǎn)變,給攻擊者提供了一個(gè)更加開放的攻擊平臺(tái)。雖然,各大通信運(yùn)營商在網(wǎng)絡(luò)規(guī)劃時(shí)已經(jīng)采取相應(yīng)的安全防護(hù)、安全隔離等措施。但是,所有的安全防護(hù)設(shè)備均獨(dú)立進(jìn)行安全防護(hù),這就使得眾多的安全設(shè)備會(huì)產(chǎn)生大量的異構(gòu)安全事件,造成通信網(wǎng)中安全事件日益龐大,其中充斥著很多冗余或不可靠信息。只有從這些龐雜的安全事件中挖掘出真正的攻擊,才能使網(wǎng)絡(luò)管理人員對網(wǎng)絡(luò)安全作出合理的評估和正確的響應(yīng)。對于通信網(wǎng)絡(luò)中安全設(shè)備所產(chǎn)生的各類安全事件,只有對各類安全事件作出正確的、合理的評估及響應(yīng)才能確保通信網(wǎng)絡(luò)安全可靠的運(yùn)行。本文對移動(dòng)通信網(wǎng)絡(luò)中的各類安全事件所產(chǎn)生的影響進(jìn)行分析,針對網(wǎng)絡(luò)設(shè)備安全事件的關(guān)聯(lián)準(zhǔn)確度和安全預(yù)警的準(zhǔn)確度進(jìn)行研究。由于移動(dòng)通信網(wǎng)絡(luò)設(shè)備多,設(shè)備告警、性能告警、日志和事件信息、報(bào)警信息事件量大,為了更好的做好移動(dòng)通信網(wǎng)絡(luò)安全事件管理,必須在安全事件關(guān)聯(lián)方式上進(jìn)行研究。本文首先將采取基于規(guī)則的關(guān)聯(lián)與基于統(tǒng)計(jì)的關(guān)聯(lián)、基于資產(chǎn)的關(guān)聯(lián)、基于行為的關(guān)聯(lián)等多種關(guān)聯(lián)組合使用的方法,以達(dá)到高效的分析安全告警、挖掘安全隱患、判斷安全事件的嚴(yán)重程度和實(shí)質(zhì)影響在實(shí)際的工程領(lǐng)域,通過建立ISMP(信息安全管理平臺(tái))系統(tǒng),實(shí)現(xiàn)對不同廠家、不同設(shè)備所產(chǎn)生的安全事件進(jìn)行處理。其次,安全事件處理的過程是事件采集、事件預(yù)處理、事件關(guān)聯(lián)分析、事件響應(yīng)。整個(gè)安全事件處理過程中的核心是安全事件關(guān)聯(lián)分析,結(jié)合移動(dòng)通信網(wǎng)絡(luò)特點(diǎn),本文就如何提升安全事件關(guān)聯(lián)準(zhǔn)確度,依照RETE網(wǎng)絡(luò)模式匹配的特點(diǎn),提出基于混合關(guān)聯(lián)方式模型,提高了安全事件的關(guān)聯(lián)度。最后,針對當(dāng)前運(yùn)營商的安全事件處理方式:被動(dòng)防御(當(dāng)安全事件發(fā)生后才進(jìn)行響應(yīng)),本論文中提出了風(fēng)險(xiǎn)管理的模型,通過基于威脅和脆弱性的風(fēng)險(xiǎn)計(jì)算、資產(chǎn)價(jià)值的風(fēng)險(xiǎn)計(jì)算對設(shè)備的風(fēng)險(xiǎn)進(jìn)行等級定義,通過預(yù)警觸發(fā)源以實(shí)現(xiàn)安全事件預(yù)警,從而實(shí)現(xiàn)安全事件的主動(dòng)防御。通過安全事件關(guān)聯(lián)分析過程實(shí)現(xiàn)風(fēng)險(xiǎn)管理,通過知識(shí)庫的積累,在移動(dòng)通信網(wǎng)中實(shí)現(xiàn)主動(dòng)防御系統(tǒng)的建立,對即將發(fā)生的安全威脅進(jìn)行預(yù)測,提前進(jìn)行響應(yīng)的安全防護(hù)體系。
[Abstract]:With the rapid development of communication technology, it has gone through the stage from 2G to 3G to 4G. The emergence of the fourth generation communication technology accelerates the development process of communication technology, and expands the connotation and scope of the original mobile communication technology. Will be more suitable for all mobile users. The emergence of softswitch technology makes the communication network change from the traditional TDMN ATM transmission mode to the IP mode, and provides a more open attack platform for the attacker. Although, the major communication operators in the network planning has taken appropriate security protection, security isolation and other measures. However, all the security protection devices carry out security protection independently, which makes a large number of security devices produce a large number of heterogeneous security incidents, resulting in an increasingly large number of security events in communication networks, in which a lot of redundant or unreliable information is flooded. Only by digging out real attacks from these complex security events can network managers make a reasonable assessment and correct response to network security. For all kinds of security events caused by security equipment in communication network, only by making correct, reasonable evaluation and response to all kinds of security events can we ensure the safe and reliable operation of communication network. In this paper, the influence of various security events in mobile communication network is analyzed, and the correlation accuracy of network equipment security events and the accuracy of security early warning are studied. Due to the large number of mobile communication network devices, equipment alarm, performance alarm, log and event information, alarm information events, in order to do a better job of mobile communication network security event management, we must study the security event association mode. In this paper, we first adopt the combination of rule-based association and statistical association, asset-based association, behavior-based association and so on, in order to efficiently analyze the security alarm and mine the security hidden danger. To judge the severity and essential influence of security events in the practical engineering field, the ISMP (Information Security Management platform) system is established to deal with the security incidents produced by different manufacturers and equipment. Secondly, the process of security event processing is event collection, event preprocessing, event correlation analysis and event response. The core of the whole process of security event processing is security event association analysis. Combined with the characteristics of mobile communication network, this paper discusses how to improve the accuracy of security event association, according to the characteristics of RETE network pattern matching. Based on the mixed correlation mode model, the correlation degree of security events is improved. Finally, in view of the current security event handling mode of operators: passive defense (when the security event occurs to respond), this paper proposes a risk management model, through the threat and vulnerability based risk calculation, The risk calculation of asset value defines the risk level of equipment and realizes the early warning of security event through the trigger source of early warning so as to realize the active defense of security event. Through the process of security incident association analysis, the risk management is realized. Through the accumulation of knowledge base, the active defense system is established in the mobile communication network, and the security protection system is designed to predict the imminent security threat and respond in advance.
【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2015
【分類號(hào)】：TN929.5;TN915.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 何健;;移動(dòng)通信網(wǎng)絡(luò)安全策略分析[J];硅谷;2013年21期

2 顧小東;高陽;;Rete算法:研究現(xiàn)狀與挑戰(zhàn)[J];計(jì)算機(jī)科學(xué);2012年11期

3 趙忠華;吳劍英;王靜;;3G移動(dòng)通信系統(tǒng)的網(wǎng)絡(luò)安全分析[J];新疆師范大學(xué)學(xué)報(bào)(自然科學(xué)版);2010年01期

4 蘇洪斌;;新技術(shù)下的移動(dòng)通信網(wǎng)絡(luò)安全[J];信息安全與通信保密;2006年10期

5 趙麗萍;GPRS移動(dòng)通信網(wǎng)絡(luò)安全策略研究[J];微計(jì)算機(jī)信息;2004年08期

6 龔儉,董慶,陸晟;面向入侵檢測的網(wǎng)絡(luò)安全監(jiān)測實(shí)現(xiàn)模型[J];小型微型計(jì)算機(jī)系統(tǒng);2001年02期

，

本文編號(hào)：1906453