摘要
复杂而繁多的网络攻击要求监控系统能够在高速网络流量下实时检测发现各种安全事件.数据流管理系统是一种对高速、大流量数据的查询请求进行实时响应的流数据库模型.本文提出了一种将数据流技术应用到网络安全事件监控中的框架模型.在这个模型中,数据流管理平台有效地支持了对高速网络数据流的实时查询与分析,从而保证基于其上的网络安全事件监控系统能够达到较高的处理性能.利用CQL作为接口语言,精确描述安全事件规则与各种监控查询,具有很强的灵活性与完整性.另外,系统能够整合入侵检测、蠕虫发现、网络交通流量管理等多种监控功能,具有良好的可扩展性.
Complex and numerous network attacks require monitoring system to detect all kinds of security events under high speed internet traffic. Data stream management system is a stream database model which can respond to queries on high speed, huge volume streaming data on real time. This paper proposes a model framework which applies data stream technique to network security monitoring. In this model,data stream management system acts as a platform to support the efficient query and analysis of high speed network traffic. This guarantees the high performance of the monitoring system based on it. CQL language can describe numerous security event rules and monitoring queries exactly and flexibly. Such monitoring system can integrate the function of intrusion detection,worm detection and network traffic management ,ere ,which is well scalable.
出处
《小型微型计算机系统》
CSCD
北大核心
2006年第2期237-240,共4页
Journal of Chinese Computer Systems
基金
国家自然科学基金项目(60273016)资助
国家"八六三"高技术研究发展计划基金项目(2001AA14资助
关键词
数据流管理系统
网络安全
入侵检测
监控
data stream management system
network security
intrusion detection
monitoring
