Journal of Northeastern University (Natural Science) ›› 2005, Vol. 26 ›› Issue (3): 228-231.

• Articles •

Network security information fusion based security event analysis and prediction model

Peng, Xue-Na (1); Zhao, Hong (1)

  1. (1) Software Center, Northeastern University, Shenyang, Liaoning 110004, China
  • Received: 2013-06-24 Revised: 2013-06-24 Online: 2005-03-15 Published: 2013-06-24
  • Contact: Peng, X.-N.
  • Supported by:
    National Information Security Center funded project (2001 研2 A 005)

Abstract: A security event analysis and prediction model that fuses network security information is proposed to meet the requirements of network security management. The model verifies, aggregates and correlates network security information that comes mainly from IDSes, with the rest from various other security devices and the log systems of key hosts. This lowers the overall false-positive rate of the security devices and extends the ability to recognize complex attacks in the network. Combined with the security policy of the target network, the model evaluates the security status of that network accurately and identifies the real threats to it. Based on a specific attack scenario, it also predicts the concrete attack behavior that may occur in the future, so that latent threats are found as early as possible and valuable time is won for an effective response.

Keywords: intrusion detection system, network security information fusion, alert aggregation, event correlation, security status evaluation, security event prediction
