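Abstract
With the rapid development of computer networks and the widespread use of applications across industries, traditional security audit and analysis techniques are no longer suited to new application threats in environments with massive, multi-source, multi-type data. The paper first proposes an application security situation awareness model for the big data environment and designs a quantitative index system for application security. Then, building on this model and index system, it designs an application security situation analysis system based on a distributed architecture. The system uses hierarchical functional modules and analysis tools such as Splunk to extract valid security events from large-scale, multi-source, heterogeneous system logs, and performs real-time correlation analysis across users, applications and data to discover security risks and potential threats.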
With the extensive use of various applications, traditional security audit and analysis techniques are no longer adequate for new application threats. First, an application security situation awareness model for the big data environment is proposed, and a quantitative index system for application security is designed. Second, based on this model, an application security situation analysis system with a distributed architecture is designed. The system uses hierarchical, modular function modules, extracts security events from massive, multi-source, heterogeneous application logs using Splunk, and performs real-time correlation analysis to find security risks and potential threats.
Source
《网络空间安全》 (Cyberspace Security)
2017, Issue 2, pp. 54-59 (6 pages)
Funding
Beijing Municipal Science and Technology Program (D161100003316002)
National Key Research and Development Program of China (2016YFB0800605)
Keywords
application security
security situation
correlation analysis
big data