摘要
随着网络攻击的频繁出现,使得人们对网络安全实时监控的需求日益迫切,而如何快速高效地处理大量安全事件是监控的关键之一。将事件流技术应用到网络安全事件处理中,提出了一种监控系统框架模型,在该模型系统中,基于EQL接口语言的规则引擎管理事件流,可有效支持对高速大规模网络事件实时分析,并保证基于其上的事件监控系统能够高效运行。
Complex and various network attacks have occurred frequently, thus the people begin to realize the importance of real-time supervision on the network security. The event-stream technology is applied to process the security events, and the framework model of security supervision system is designed. This system has the function of immediately collecting and parsing alert events from different network security devices when some attacks occur suddenly, meanwhile, in this model system, the EQL interface language-based rule engine is used to manage the event-stream, this could effectively support the real-time query and analysis on large-scale network events.
出处
《信息安全与通信保密》
2010年第2期92-94,共3页
Information Security and Communications Privacy
基金
国家自然科学基金资助项目(批准号:60772098)
教育部新世纪优秀人才支持计划项目(NCET-06-0393)
上海市曙光计划项目
863计划(基于攻击图及博弈理论的安全事件处理关键技术及系统)
