| 基于安全管理中心的关联引擎技术的研究 |
| |
| 引用本文: | 韦潜,夏清国.基于安全管理中心的关联引擎技术的研究[J].计算机工程与设计,2007,28(13):3085-3087. |
| |
| 作者姓名: | 韦潜 夏清国 |
| |
| 作者单位: | 西北工业大学,陕西,西安,710065 |
| |
| 摘 要: | 安全管理中心作为安全信息抽取平台、风险管理平台和安全决策平台,通过安全策略的集中部署、安全事件的深度感知、安全部件的协同响应提高网络系统整体应对安全威胁的能力.为了解决海量安全数据管理和安全事件高误报率问题,依托安全管理中心环境,对关联引擎技术进行了研究.通过对基于规则关联的关联引擎原型设计、实现和测试,结果表明统一安全数据格式、关联安全消息使关联引擎技术成为解决海量安全数据管理和安全事件高误报率问题的有效技术手段.
|
| 关 键 词: | 安全管理中心 关联引擎 关联 持续关联 规则关联 安全威胁 管理中心 规则关联 引擎技术 研究 center operation security based technology engine correlation 手段 有效技术 数据格式 统一 结果 测试 原型设计 对关联 |
| 文章编号: | 1000-7024(2007)13-3085-03 |
| 修稿时间: | 2006-06-22 |
Research of correlation engine technology based on security operation center |
| |
| WEI Qian,XIA Qing-guo.Research of correlation engine technology based on security operation center[J].Computer Engineering and Design,2007,28(13):3085-3087. |
| |
| Authors: | WEI Qian XIA Qing-guo |
| |
| Abstract: | Security operation center(SOC),as a platform of security information extraction,risk management and security decision,the whole capability of network system is elevated to security threats through the central arrangement of security policies,the deep sense of security events and the cooperative response of security components.In order to resolve the management of huge security data and high false positive of security events,correlation engine technology is researched depending upon the environment of SOC.The results of design,realization and test of correlation engine prototype based on rule correlation prove that correlation engine technology has been becoming an effective technique on resolving the management of huge security data and high false positive of security events,through unifying security data format and correlating security alerts. |
| |
| Keywords: | security operation center correlation engine correlation backlog correlation rule correlation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
