证书认证系统中安全事件关联模型的设计及应用

Design and Implementation of a Security Event Correlation Model in Certificate Authentication

从证书认证(CA)系统中各种服务系统和安全设备每天产生的海量告警和日志中挖掘出有价值的信息,帮助管理员找到那些真正具有威胁的攻击,有效地保护系统安全,这是CA系统安全管理亟待解决的问题。文章提出了一个CA安全事件关联模型,在此模型的基础上讨论了安全事件的过滤方法和聚合方法,最后将该模型及关联方法应用于一个安全事件关联系统中进行测试。测试结果表明,基于该模型的安全事件关联分析效率更高。

How to effectively find out valuable abnormal behaviors from the numerous alarms and logs produced by all kinds of service systems and security products everyday, all of them must be analyzed and the true and non-redundant information should be extracted ,which is helpful to find the real problem and availably protect the safety of system. This is one of the biggest challenges which securi- ty management is facing in certificate authentication. In this paper we propose a CA security event correlation model, then discuss the filter and aggregation method based on the model. Finally, we ap- ply our model and methods on a security event correlation system . The test results show that the cor- relation of security event based on our model is more efficient.