作　　者： (王鲁华）; (杨宇波）; (赵阳）;

机构地区： 国家计算机网络应急技术处理协调中心,北京100029

出　　处： 《信息安全研究》 2017年第9期810-816,共7页

摘　　要： 随着计算机和互联网技术的飞速发展,网络安全问题变得日益重要和严峻,Bro作为目前动态入侵检测的主流平台,可以实现高速网络下的实时检测和报警,遵循分层原则,可扩展性高,提供了Bro语言和丰富的分析函数来定义事件引擎和规则引擎.ELK是Elasticsearch,Logstash,Kibana工具的集合,用来实现大量网络恶意数据的分析、记录,并利用数据挖掘技术进行恶意数据的行为和模式分析,达到新型或者变种恶意数据的预警和防范. With the rapid development of computer and Internet technology, network security has become increasingly important and serious,Bro as the current dynamic intrusion detection platform, can achieve high-speed network real-time detection and alarm. Bro follows the layering principle, has high extendibility, and provides Bro language and rich analysis functions to define event engines and rule engines. ELK is a collection of Elasticsearch, Logstash and Kibana tools for the analysis and recording of network malicious data. Based on data mining technology to analyze malicious data behavior and pattern, ELK achieves warning and prevention of new or mutated malicious data.

关 键 词： 信息安全 数据挖掘 入侵检测 关联预测 模式识别