
Network Security Technology Based on Multi-Source Alarm Information Association

Cited by: 2
Abstract: Existing network security technical-defense strategies use a single computational structure when processing alarm information, which leads to long running times and low efficiency. To address this, the paper proposes a network security technical-defense technology based on correlation analysis of multi-source alarm information. Once the attack intent has been clarified, valid alarm data are extracted, and a correlation analysis algorithm aggregates the multi-source alarm information and removes redundancy. An alarm information management process based on correlation-rule matching is designed, and a network security technical-defense platform is established to implement the approach. The experimental results show that, within the same running time, the number of alarms is significantly reduced and the network security alarm rate is improved.
Authors: Huang Qiang; Lu Xuezhong; Yun Kai; Li Haosheng; Zhao Mei; Kang Wanqing (State Grid Xinjiang Information & Telecommunication Company, Wulumuqi 830063)
Source: Journal of Information Security Research (《信息安全研究》), 2021, No. 11, pp. 1041-1046 (6 pages)
Keywords: alarm information; correlation analysis; network security; multi-source fusion; technical defense technology
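Related literature: references 15; second-level references 92; co-citing documents 71; co-cited documents 18; citing documents 2; second-level citing documents 1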
