
Research on a Network Threat Analysis System Based on Multi-Source Logs

Published: 2018-03-21 14:13

Topic: multi-source logs. Focus: network threats. Source: Beijing Jiaotong University, 2014 master's thesis. Thesis type: degree thesis.


[Abstract]: With the rapid development of computer and network technology, networks keep growing in scale and network security problems are becoming more prominent. The hosts, applications, network devices and security devices deployed in a network system generate large volumes of log data every day, recording the security events that occur in the system. As a faithful record of the running state of a computer network system, logs are essential for maintaining the security of the network system and monitoring its operation; they are one of the important data sources reflecting the state of network security, and an important data source for current network threat analysis systems.

In recent years, network attack behaviour has become increasingly complex and distributed: an attack consists of multiple stages, and those stages may be carried out at different network nodes. A single event log is too fragmentary to reflect the whole picture of an attack, so it cannot capture planned, multi-stage, complex attack behaviour. Network threat analysis based on multi-source logs correlates the logs of each node in the network, detects network threats at multiple levels and from multiple angles, and uncovers hidden threat behaviour in the system.

This paper first discusses the research background and significance of multi-source-log-based network threat analysis and summarizes the state of research at home and abroad; it then gives the relevant concepts and classification of network threats and the existing network threat models, completes a qualitative description and classification of logs, analyzes in detail the characteristics and formats of each kind of log, and points out the important role of logs in network threat analysis. Next, the technologies involved in multi-source log analysis are described, including multi-source log collection, processing and data storage. On this basis, a network threat analysis system is designed and implemented, and the system is deployed and tested experimentally. Finally, the main work of this paper is summarized and the next steps for multi-source-log-based network threat analysis are pointed out.
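The abstract's central claim is that a single log source is too fragmentary to show a multi-stage attack, while correlating the logs of several nodes does. The following is an added illustration written for this page, not code from the thesis or its system: three constructed log sources (a firewall, a network IDS and a host authentication log, each in its own format) are normalized into one event schema, assigned a stage, and correlated per source address inside a time window. The stage sequence probe, exploit, access appears only when the sources are combined; each source on its own yields nothing. All hosts, addresses, signature names and timestamps are constructed for the example, and the stage mapping, the 10-minute window and the requirement that at least two sources contribute are assumptions of this example rather than parameters from the thesis.

```python
"""Correlating constructed multi-source log lines into a multi-stage threat chain.

Added example, not the thesis's own code. All log lines below are constructed.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs from three sources on the same network.
FIREWALL_LOG = [
    "2014-05-10T10:00:01 fw01 DENY src=10.0.0.5 dst=192.168.1.20 dport=22",
    "2014-05-10T10:00:02 fw01 DENY src=10.0.0.5 dst=192.168.1.20 dport=80",
    "2014-05-10T10:00:03 fw01 DENY src=10.0.0.5 dst=192.168.1.20 dport=443",
    "2014-05-10T10:00:04 fw01 ALLOW src=10.0.0.5 dst=192.168.1.20 dport=8080",
    "2014-05-10T11:30:00 fw01 ALLOW src=10.0.0.9 dst=192.168.1.20 dport=8080",
]
IDS_LOG = [
    "2014-05-10T10:00:30 ids01 ALERT sig=WEB-APP command injection attempt src=10.0.0.5 dst=192.168.1.20",
]
AUTH_LOG = [
    "May 10 10:01:10 web20 sshd[4321]: Failed password for admin from 10.0.0.5 port 50022 ssh2",
    "May 10 10:01:15 web20 sshd[4321]: Accepted password for admin from 10.0.0.5 port 50022 ssh2",
    "May 10 11:35:00 web20 sshd[4400]: Accepted password for alice from 10.0.0.9 port 50100 ssh2",
]
AUTH_YEAR = 2014  # syslog-style auth lines carry no year; assumed for the example

# Attack stages the correlator looks for, in the order they must occur.
STAGE_ORDER = ("probe", "exploit", "access")


@dataclass(frozen=True)
class Event:
    """One normalized event, whatever log it came from."""
    ts: datetime
    source: str   # "firewall", "ids" or "auth"
    host: str
    src_ip: str
    stage: str


FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r"^(\S+) (\S+) ALERT sig=(.+?) src=(\S+) dst=(\S+)$")
AUTH_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Accepted|Failed) password for (\S+) from (\S+) port \d+"
)


def parse_firewall(lines):
    """Denied connections from one address are treated as probing; allows are ignored."""
    for line in lines:
        m = FW_RE.match(line)
        if m and m.group(3) == "DENY":
            yield Event(datetime.fromisoformat(m.group(1)), "firewall", m.group(2), m.group(4), "probe")


def parse_ids(lines):
    """Any IDS alert is treated as an exploitation attempt against the destination."""
    for line in lines:
        m = IDS_RE.match(line)
        if m:
            yield Event(datetime.fromisoformat(m.group(1)), "ids", m.group(2), m.group(4), "exploit")


def parse_auth(lines):
    """Failed logins count as probing, accepted logins as gained access."""
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            ts = datetime.strptime(f"{AUTH_YEAR} {re.sub(r' +', ' ', m.group(1))}", "%Y %b %d %H:%M:%S")
            yield Event(ts, "auth", m.group(2), m.group(5), "access" if m.group(3) == "Accepted" else "probe")


def correlate(events, window=timedelta(minutes=10), min_sources=2):
    """Group events by source address and return every ordered probe->exploit->access chain.

    A chain is reported only if its stages occur in order, fit inside the window,
    and at least `min_sources` distinct logs contributed, so that a single noisy
    source cannot produce a chain on its own.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src_ip].append(e)
    chains = []
    for ip, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        chain = []
        for stage in STAGE_ORDER:
            after = chain[-1].ts if chain else None
            nxt = next((e for e in evs if e.stage == stage and (after is None or e.ts >= after)), None)
            if nxt is None:
                break
            chain.append(nxt)
        if (len(chain) == len(STAGE_ORDER)
                and chain[-1].ts - chain[0].ts <= window
                and len({e.source for e in chain}) >= min_sources):
            chains.append(chain)
    return chains


def analyze():
    """Run the three parsers over the constructed logs and summarize each detected chain."""
    events = [*parse_firewall(FIREWALL_LOG), *parse_ids(IDS_LOG), *parse_auth(AUTH_LOG)]
    return [
        {
            "src_ip": chain[0].src_ip,
            "stages": [e.stage for e in chain],
            "sources": [e.source for e in chain],
            "start": chain[0].ts.isoformat(),
            "end": chain[-1].ts.isoformat(),
        }
        for chain in correlate(events)
    ]


if __name__ == "__main__":
    for c in analyze():
        print(f"{c['src_ip']}: {' -> '.join(c['stages'])} via {c['sources']} ({c['start']} .. {c['end']})")
```

Run stand-alone, the script reports one chain for 10.0.0.5 spanning all three logs, while `correlate(list(parse_firewall(FIREWALL_LOG)))` or `correlate(list(parse_auth(AUTH_LOG)))` returns an empty list: each source sees only denied connections or only a login, which is the fragmentary single-log view the abstract describes. The address 10.0.0.9, which only logged in, is never reported.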
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08



Page link: https://www.wllwen.com/guanlilunwen/ydhl/1644207.html

