导　　师： 李芝棠

学科专业： 081201

授予学位： 博士

作　　者： ;

机构地区： 华中科技大学

摘　　要： 随着计算机网络及其应用的发展,网络面临的安全威胁愈演愈烈,风险越来越大。一方面,攻击手段日益复杂,综合利用系统漏洞、用户疏漏、蠕虫和病毒等进行的网络攻击已司空见惯;另一方面,攻击目标日益广泛,网络端点和网络基础设施等所有可能影响系统应用的各个方面都可能成为攻击的目标。另外,安全事件日益庞大,众多安全设备产生了大量异构安全事件,其中充斥着很多冗余或不可靠信息。只有从这些庞杂的安全事件中挖掘出真正的攻击才能对网络安全做出合理的评估和正确响应。因此,在异构网络环境中设计和实现一个统一、动态的安全管理架构,并进行事件处理的整合和关联的研究就成为当今网络管理和网络安全技术研究的一大热点。 针对网络安全管理的现状和问题,提出一种动态自治的网络安全管理架构/(DASN/)。从全局角度对网络安全状况进行分析、评估与管理。DASN的动态接入模型通过安全节点的代理机制,使DASN网络成为一个动态扩展的边界防御安全网络。DASN网络的自治安全策略模型,有效地避免网络中因不安全的节点接入所带来的潜在风险,并保证整个DASN网络策略的自治,使得各种异构的产品形成的DASN网络按照统一的策略进行工作。本网络架构集系统管理、安全策略定义、配置及实施功能于一体,实现独立于底层安全机制的策略配置管理体系。在DASN网络中使用实时风险评估技术从整体上评估DASN网络所监控的网络和主机的安全态势。 对异构网络环境下安全事件的归一化描述问题,提出了基于分布式安全管理代理的安全事件采集、标准化和归约解决方案,为后续的全局安全事件聚类与关联提供了相对精简以及较为准确的初级安全事件流。异构网络中安全事件可以分为两大类——故障事件与告警事件,应采取相应的方法进行� As the development of network application and technology, network security threat like illegal access, malice attacks and virus spread etc become more and more serious. Therefore, to protect the security of network system, security equipment like firewall, IDS, anti-virus, identification, data encryption, security audit etc. are widely used in the network system. However, amount of network event appear though these security equipments have certain effect in particular aspect and they make technology of network security management especially technology of network security event management become the hot key of network management and security technologies research. Otherwise, too large number of security equipments produces too many security events which contain a lot of unrealiable and redundant events, which make the imformations collected from these equipments become valueless. But the network security management administrators not only control the special security condition in some aspects of the network, but also need to know the global security condition from all of security events. Security events management is the precondition and foundation of the whole security event management system.Only having mined real security attacks and threatens from enough security events, can the administer make the reasonable assessment to their network,establish more scientific security policy and response to the security attacks or threatens in time. Therefore, establishing a unified network security events management framework becomes very worthness today. Aim at the status of network security management, we bring forward a kind of autonomic network security management framework which can build dynamically and analysis network status from entire view /(DASN/).Through agent mechanism, DASN can spread its border dynamically. The DASN network use united policy to avoid potential risks which are imported by unassured node. The DASN autonomic model makes kinds of isomerous network security equipments work with united pol

关 键 词： 网络安全 事件管理 事件关联 规约 小波分析 关联时间窗口

领　　域： [自动化与计算机技术] [自动化与计算机技术]