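Application Service Security Monitoring System for the Public Security Information Network
Published: 2018-04-16 04:29
Topic: application services + security monitoring; Reference: Beijing Jiaotong University, master's thesis, 2014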
[Abstract]: As informatization within the Ministry of Public Security has deepened, public security work has become increasingly dependent on networks and application systems. The secure, stable and reliable operation of key application systems on the public security information network is therefore the main task and objective of the information management departments. However, traditional network security measures cannot evaluate and analyze whether application systems are being used appropriately, and cannot monitor or raise alarms on network behaviors such as stealing or destroying data. Products such as firewalls and antivirus software provide access control, detection and removal of viruses and Trojans, and protection against network attacks, but security protection still has shortcomings: (1) there is no security mechanism that looks at applications from the perspective of traffic; (2) there is no means of handling abnormal behavior events promptly. The application service security monitoring system for the public security information network built in this project can perform comprehensive, systematic security analysis of abnormal network traffic, monitor the network traffic of application systems in real time, and promptly detect and locate intrusion attacks against key application systems and databases, network policy violations and similar behavior. It gives security administrators a tool with a friendly interface for monitoring, analyzing and handling traffic, and comprehensively raises the level of security monitoring and protection on the public security network.

This thesis starts from an analysis of the application service security monitoring system for the public security information network and studies the principles of traffic monitoring in depth. Based on an analysis of the system requirements, the system is designed as three parts: traffic monitoring, centralized supervision, and alarm handling. The network security monitoring system obtains network traffic data in real time through bypass (out-of-band) deployment, collecting the network traffic of the core switch of the provincial department's information center (or the front-end switch of key application systems) by port mirroring. It uses fast protocol analysis, which makes effective use of the layered structure of network protocols and the information in related protocols: through protocol parsing of packets, data reassembly, command parsing and so on, it quickly determines the application type of the traffic and detects network traffic anomalies in time. The system uses application-layer DPI technology to automatically match signatures, identify the application type and obtain application-layer content; administrators can analyze applications according to custom policies.

Through requirements analysis and design of the system, this thesis implements a service system that provides traffic monitoring and centralized supervision and is equipped with alarm functions. On the one hand, the system enables administrators not only to carry out business security analysis and network-layer traffic analysis, providing data and model support for network optimization, but also offers an effective solution for application security. It also provides a large amount of textual material for further academic research. I mainly participated in and completed the development of the traffic monitoring system. The system provides a simple, easy-to-operate solution for security monitoring of the public security information network, greatly reducing network administrators' workload and improving work efficiency.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article No.: 1757317
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1757317.html