基于异构系统的统一网络安全监控体系模型

针对大规模异构网络环境下安全行为的复杂性，现有的网络技术与管理缺少对海量原始数据的良好安全监控手段，本文提出构建统一的网络安全监控体系的思想，对各种异构数据源数据（审计日志和流量数据）进行标准化表示和整合，采用数据挖掘和小波分析的方法对数据进行分析处理，通过关联规则、流量规则和规则序列模式分析出整个网络的运行情况，对系统分析结果给出可视化结论，调整安全策略以适应网络安全动态性和整体性．

Hybrid-System Based Integrated Network Security Supervision System Model

In view of the complexity of network behavior among the hybrid systems,the technology and management of existing network systems are lack of enough effective security supervision measures for the great capability of the raw data.This paper developed a system model to supervise the security of network system,by normalizing and integrating the raw data from hybrid data-sources(including Syslog and traffic etc.),then using data-mining and wavelet technology to analyze the integrated information.At last this system used correlation rules,traffic rules and rule sequential pattern to analyze and drew out a visual conclusion of the network system security status which helps to adjust policy to enhance the system security.