Research and Implementation of a Hadoop-Based Network Security Management System
Published: 2019-01-02 18:52
[Abstract]: Continuous innovation in computer and communication technology has brought the network into every area of people's lives, where it plays an irreplaceable role in daily life and work. While computer communication makes work more convenient, it also brings serious security risks: information loss and damage, network attacks, virus intrusion and so on. After a series of painful lessons, people have become increasingly aware of the importance of network security, and network security management systems emerged in response. Such a system can effectively monitor the various security devices and working hosts within a LAN. However, traditional network security management systems can no longer meet the requirements of storing the ever-growing volume of security data and of processing massive data.
In response to these new requirements and in line with current trends, this thesis proposes a new design for a Hadoop-based network security management system: 1. Use the overall storage capacity of the Hadoop cluster, combined with the relational-database storage used by traditional network security management systems, to replace the original single data storage model, solving the problem that traditional systems cannot store large volumes of data and that data is easily lost or becomes inconsistent. 2. Use the parallel computing capability of the Hadoop cluster, combined with the business processing flow of traditional network security management systems, to solve the problem that a single server processes massive data too slowly and degrades system performance.
The system comprises a device management module, an event handling module, a security assessment module and a data backup module. The device management module controls all devices in the LAN, including security devices, working hosts, trusted devices and unknown devices. The event module receives the information reported by all security devices and presents it to administrators in an intuitive form. The security assessment module aggregates the security data of the entire network and judges the current network security situation according to the corresponding rules. Task scheduling in this module uses an improved version of the Hadoop cluster's fair scheduling algorithm, which responds actively to requests from the first-level network security management system and is better suited to this system's actual conditions. The data backup module, together with the Hadoop cluster, builds a data storage center for the cascaded security management systems; data is divided into system data and event data, and all of it is uploaded to this center, ensuring consistency and availability.
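[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08; TP393.07
Article ID: 2398855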
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2398855.html