
Construction method of network security interactive analysis system (cited by: 3)
Abstract: In interactive network security analysis on Elasticsearch big-data deployments, the native DSL has a complex syntax and the ability to correlate data across multiple indexes is weak. To address these problems, an interactive network security analysis system based on Elasticsearch was studied and built. A new language, CSIAL, simplifies network security analysis operations: the result of parsing each statement is used to call the corresponding API, which carries out basic queries and analysis on network security data. Functions that Elasticsearch lacks, such as subqueries and join queries, are added as extensions, and the join process is optimized, giving security analysts an interactive analysis bridge to their data. Experimental results verify the effectiveness of the method.

Authors: ZOU Feng; CHEN Xing-shu; LUO Yong-gang (College of Cybersecurity, Sichuan University, Chengdu 610065, China; Cybersecurity Research Institute, Sichuan University, Chengdu 610065, China)

Source: Computer Engineering and Design (《计算机工程与设计》), Peking University Core Journal, 2021, No. 9, pp. 2433-2438 (6 pages)

Funding: National Natural Science Foundation of China, Young Scientists Fund (61802270).

Keywords: cyber security; interactive; analytical language; elastic search; association query