Abstract
Large enterprises that monitor the distributed IT resource systems they use currently lack a scheme for correlating security information with business information. As a result, the centrally collected monitoring events are numerous and heterogeneous, fault analysis is ambiguous, and fault handling depends too heavily on human factors. To solve these problems, we put forward an innovative solution, the solution of monitor events processing (SMEP), which is applied in the existing information environment and uses the ideas of complex event processing (CEP) to perform matching analysis on the centrally aggregated monitoring events. We also present a new algorithm (SMEP-Algorithm) for the correlation preprocessing of accumulated monitoring events. Experimental data show that the proposed scheme realises correlation analysis of business and security by processing monitoring alarm events, locates faults automatically, and effectively improves fault-handling efficiency.
Source
《计算机应用与软件》
CSCD
Peking University Core Journal (北大核心)
2013, Issue 8, pp. 302-306 (5 pages)
Computer Applications and Software