
Research on key technologies of network security operations centre (网络安全运营中心关键技术研究)   Cited by: 8
Abstract: The network security operations centre (SOC) is a network security management technology that has developed rapidly in China and abroad in recent years. A closed-loop SOC architecture is proposed that integrates security information collection, correlation analysis and response control, and the key technologies involved in implementing it, namely the security event correlation information model and real-time risk assessment of security events, are discussed in depth. The implemented SOC can markedly reduce the false negative and false positive rates of the detection systems it consumes, respond promptly and effectively to sudden security events, and minimise network risk.
Source: Computer Engineering and Design (计算机工程与设计), indexed in CSCD and the Peking University core journal list, 2009, No. 9, pp. 2117-2120 and 2170 (5 pages)
Funding: National Defense Key Pre-research Foundation project (9140A26010306JB5201)
Keywords: network security operations centre; P2DR model; security event; correlation information model; real-time event risk assessment
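The closed loop the abstract describes (collect alerts, correlate them against what is known about the target, score risk in real time, respond, and let the response feed back into later decisions) can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not the paper's code, and the paper's actual correlation information model and risk formula are not reproduced here because the page does not contain them. The alert and asset structures, the constructed scan inventory, the likelihood weights, the thresholds, the placeholder "CVE-0000-000x" identifiers and the sample alerts are all assumptions. It demonstrates the two effects the abstract claims: alerts whose target does not exist or does not carry the targeted vulnerability are discarded (fewer false positives), while several individually low-risk probes from one source are aggregated into a scan event and blocked (fewer false negatives).

```python
# Toy closed-loop SOC: collect -> correlate -> assess risk -> respond -> feed back.
# Illustration only; correlation rule, weights and thresholds are assumed.
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    """Minimal IDMEF-style alert as a sensor would hand it to the SOC."""
    sensor: str
    src: str
    dst: str
    port: int
    cve: Optional[str]   # CVE the signature targets, None for generic rules
    confidence: float    # sensor confidence in (0, 1], assumed scale


@dataclass(frozen=True)
class Asset:
    """One inventory entry (what a Nessus-style scan would report about a host)."""
    ip: str
    value: int           # business criticality 1..5, assumed scale
    open_ports: frozenset
    cves: frozenset      # vulnerabilities the scanner actually found


# Constructed inventory; "CVE-0000-000x" are placeholders, not real CVE ids.
ASSETS = {
    "10.0.0.5": Asset("10.0.0.5", 5, frozenset({22, 443}), frozenset({"CVE-0000-0001"})),
    "10.0.0.7": Asset("10.0.0.7", 2, frozenset({80}), frozenset()),
}
RISK_BLOCK = 60.0        # risk at which the SOC pushes a block rule (assumed)
RISK_INVESTIGATE = 20.0  # risk at which an analyst ticket is raised (assumed)
SCAN_TARGETS = 3         # distinct (host, port) pairs from one source = scan (assumed)


def correlate(alert: Alert, assets: dict) -> tuple:
    """Correlation: does the target exist, listen on that port, and carry the CVE?"""
    asset = assets.get(alert.dst)
    if asset is None:
        return False, False, False
    listening = alert.port in asset.open_ports
    vulnerable = alert.cve is not None and alert.cve in asset.cves
    return True, listening, vulnerable


class SOC:
    """Holds the feedback state: blocked sources and per-source target sets."""

    def __init__(self, assets: dict):
        self.assets = assets
        self.blocked = set()
        self.targets_by_src = defaultdict(set)

    def assess(self, alert: Alert) -> float:
        """Real-time risk 0..100 = 20 * asset value * likelihood * confidence (assumed)."""
        exists, listening, vulnerable = correlate(alert, self.assets)
        if not exists:
            likelihood = 0.0      # nothing to attack: classic false positive
        elif vulnerable:
            likelihood = 1.0
        elif listening:
            likelihood = 0.5      # service is there, but scanner found no matching hole
        else:
            likelihood = 0.1      # port closed on that host
        value = self.assets[alert.dst].value if exists else 0
        return 20.0 * value * likelihood * alert.confidence

    def handle(self, alert: Alert) -> str:
        """Response control; each decision updates state seen by later alerts."""
        if alert.src in self.blocked:
            return "already_blocked"
        self.targets_by_src[alert.src].add((alert.dst, alert.port))
        risk = self.assess(alert)
        if risk >= RISK_BLOCK:
            self.blocked.add(alert.src)
            return "block"
        if len(self.targets_by_src[alert.src]) >= SCAN_TARGETS:
            self.blocked.add(alert.src)   # many low-risk probes = one scan event
            return "block_scan"
        if risk >= RISK_INVESTIGATE:
            return "investigate"
        return "discard"


# Constructed sample alerts (external addresses from RFC 5737 documentation ranges).
ALERTS = [
    Alert("ids1", "198.51.100.9", "10.0.0.5", 443, "CVE-0000-0001", 0.9),  # real hit
    Alert("ids1", "198.51.100.9", "10.0.0.7", 80, None, 0.9),              # after block
    Alert("ids1", "203.0.113.4", "10.0.0.7", 80, "CVE-0000-0002", 0.8),    # not vulnerable
    Alert("ids2", "203.0.113.4", "10.0.0.5", 22, None, 0.3),               # low confidence
    Alert("ids1", "203.0.113.4", "10.0.0.5", 3389, None, 0.3),             # port closed
    Alert("ids1", "192.0.2.77", "10.0.0.99", 80, "CVE-0000-0001", 0.9),    # no such host
]


def run_pipeline(alerts=ALERTS, assets=ASSETS) -> list:
    """Feed alerts through one SOC instance and return the response decisions."""
    soc = SOC(assets)
    return [soc.handle(a) for a in alerts]


if __name__ == "__main__":
    for alert, decision in zip(ALERTS, run_pipeline()):
        print(f"{alert.src:>13} -> {alert.dst}:{alert.port:<5} {decision}")
```

Running it shows the first alert blocked on a single high-confidence, vulnerable-target match, the third and sixth alerts discarded because the correlation step finds no matching vulnerability or no such host, and the three low-risk probes from 203.0.113.4 escalated to a block once they touch three distinct targets. The important caveat for a real deployment is that the inventory must be fresh: if the scan that produced `ASSETS` is stale, the "not vulnerable" branch silently suppresses true positives, which is exactly the false-negative problem the correlation step is supposed to reduce.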
References (8)

  • 1 Morin B, Mé L, Debar H, et al. M2D2: A formal data model for IDS alert correlation. Proc. of Recent Advances in Intrusion Detection (RAID). Berlin: Springer-Verlag, 2002: 115-127.
  • 2 Bidou R. Security operation center concepts and implementation. Technical report. France: Iv2 Technologies, 2003.
  • 3 IETF Intrusion Detection Exchange Format Working Group. The intrusion detection message exchange format. http://xml.coverpages.org/draft-ietf-idwg-idmef-xml-12.txt, accessed 2004-07-08.
  • 4 Anderson H. Introduction to Nessus. http://www.securityfocus.com/infocus/1741, 2003.
  • 5 Zhao B, Wang Y, Li L, Li D. Reducing false positives and false negatives using correlation and risk assessment methods (利用关联和风险评估方法减少误报和漏报). Application Research of Computers (计算机应用研究), 2008, 25(10): 3105-3107.
  • 6 Ning P, Cui Y, Reeves D S, et al. Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information and System Security, 2004, 7(2): 274-318.
  • 7 Zimmermann J, Mé L, Bidan C. An improved reference flow control model for policy-based intrusion detection. Proc. of the 8th European Symposium on Research in Computer Security (ESORICS). Gjøvik: Springer-Verlag, 2003: 291-308.
  • 8 Ning P, Cui Y. Analyzing intensive intrusion alerts via correlation. Proc. of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID), Zurich, Switzerland, 2002.
