Research on Security Event Management Technology and Methods for Mobile Communication Networks
Published: 2018-05-18 15:50
Topics: communication networks + security events; Source: Xidian University, 2015 master's thesis
[Abstract]: With the rapid development of communication technology, mobile networks have progressed from 2G through 3G to 4G. The arrival of fourth-generation technology has accelerated this development, broadened the scope and content of mobile communication technology, and serves all mobile users better. Softswitch technology has moved the communication network from traditional TDM and ATM transport to IP, which also gives attackers a more open attack platform. Although the major operators adopt security protection and isolation measures during network planning, every protection device operates on its own, so the many security devices generate a large volume of heterogeneous security events; the event volume in the communication network grows ever larger and is full of redundant or unreliable information. Only by mining the real attacks out of this mass of events can network administrators assess network security reasonably and respond correctly; only by evaluating and responding correctly and reasonably to the events generated by security devices can the secure and reliable operation of the network be ensured. This thesis analyses the impact of the various security events in a mobile communication network and studies the correlation accuracy of network device security events and the accuracy of security early warning.
Because a mobile communication network has many devices and a large volume of device alarms, performance alarms, logs, event information and alert messages, the correlation method for security events must be studied if they are to be managed well. The thesis first combines several correlation methods, namely rule-based, statistics-based, asset-based and behaviour-based correlation, to analyse security alerts efficiently, uncover hidden security risks, and judge the severity and real impact of security events; in engineering practice this is realised by building an ISMP (Information Security Management Platform) system that processes the security events generated by equipment from different vendors. Second, security event handling consists of event collection, event preprocessing, event correlation analysis and event response, with correlation analysis at its core; considering the characteristics of mobile communication networks and the pattern-matching properties of the RETE network, the thesis proposes a hybrid correlation model that raises the correlation accuracy of security events. Finally, in response to the operators' current handling mode, passive defence (responding only after a security event has occurred), the thesis proposes a risk management model: device risk levels are defined through risk calculation based on threats and vulnerabilities and on asset value, and security event early warning is realised through warning trigger sources, achieving active defence against security events.
Risk management is realised through the security event correlation analysis process, and with the accumulation of a knowledge base an active defence system is built in the mobile communication network: a protection system that predicts impending security threats and responds to them in advance.
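The pipeline the abstract describes (collection, preprocessing, rule-plus-statistical correlation, asset-based risk scoring with an early-warning trigger) as an added illustration; this is not code from the thesis or its ISMP system, and the vendor event schemas, thresholds and the multiplicative risk formula (threat x vulnerability x asset value) are assumptions made for the example.

```python
"""Hybrid security-event correlation with asset-based risk scoring (added
example; schemas, thresholds and the risk formula are constructed assumptions)."""
from collections import defaultdict

# Constructed asset register: asset value (1-5) and known vulnerability score (0-1).
ASSETS = {"hss-01": {"value": 5, "vuln": 0.8}, "web-portal": {"value": 2, "vuln": 0.3}}

# Constructed raw events from two "vendors" that use different field names.
RAW_EVENTS = [
    {"vendor": "A", "dev": "hss-01", "msg": "auth failure", "src": "10.0.0.7", "t": 100},
    {"vendor": "A", "dev": "hss-01", "msg": "auth failure", "src": "10.0.0.7", "t": 130},
    {"vendor": "B", "host": "hss-01", "event": "LOGIN_FAIL", "peer": "10.0.0.7", "ts": 170},
    {"vendor": "B", "host": "web-portal", "event": "LOGIN_FAIL", "peer": "10.0.0.9", "ts": 180},
    {"vendor": "A", "dev": "hss-01", "msg": "link down", "src": "-", "t": 200},
]

def normalize(ev):
    """Preprocessing: map each vendor's schema onto one common record."""
    if ev["vendor"] == "A":
        kind = {"auth failure": "AUTH_FAIL", "link down": "LINK_DOWN"}[ev["msg"]]
        return {"asset": ev["dev"], "kind": kind, "src": ev["src"], "t": ev["t"]}
    kind = {"LOGIN_FAIL": "AUTH_FAIL"}[ev["event"]]
    return {"asset": ev["host"], "kind": kind, "src": ev["peer"], "t": ev["ts"]}

def correlate(events, window=120, min_count=3):
    """Rule + statistical correlation: at least min_count AUTH_FAIL records from
    one source against one asset within `window` seconds become one composite event."""
    buckets = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        if e["kind"] == "AUTH_FAIL":
            buckets[(e["asset"], e["src"])].append(e["t"])
    composites = []
    for (asset, src), times in buckets.items():
        for i in range(len(times)):
            hits = [t for t in times[i:] if t - times[i] <= window]
            if len(hits) >= min_count:  # statistical threshold reached inside the window
                composites.append({"asset": asset, "src": src, "count": len(hits), "threat": 3})
                break
    return composites

def risk_level(composite, warn_at=6.0):
    """Asset-based risk: threat x vulnerability x asset value (assumed formula);
    returns (score, level, early_warning_triggered)."""
    a = ASSETS[composite["asset"]]
    score = composite["threat"] * a["vuln"] * a["value"]
    level = "high" if score >= 9 else "medium" if score >= 4 else "low"
    return round(score, 2), level, score >= warn_at

def run():
    """Full pipeline: collect -> preprocess -> correlate -> score for response."""
    return [(c, risk_level(c)) for c in correlate([normalize(e) for e in RAW_EVENTS])]
```

Only the three failures against hss-01 from one source fall inside the window, so a single composite event is produced and its high score trips the warning; the lone web-portal failure and the link-down alarm are left as raw events.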
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year granted]: 2015
[Classification number]: TN929.5;TN915.08
Article number: 1906453
Article link: https://www.wllwen.com/kejilunwen/wltx/1906453.html