基于数据流管理平台的网络安全事件监控系统

复杂而繁多的网络攻击要求监控系统能够在高速网络流量下实时检测发现各种安全事件．数据流管理系统是一种对高速、大流量数据的查询请求进行实时响应的流数据库模型．本文提出了一种将数据流技术应用到网络安全事件监控中的框架模型．在这个模型中，数据流管理平台有效地支持了对高速网络数据流的实时查询与分析，从而保证基于其上的网络安全事件监控系统能够达到较高的处理性能．利用CQL作为接口语言，精确描述安全事件规则与各种监拉查询，具有很强的灵活性与完整性．另外，系统能够整合入侵检测、蠕虫发现、网络交通流量管理等多种监控功能，具有良好的可扩展性，

Internet Security Event Monitor Based on Data Stream Management System

Complex and numerous network attacks require monitoring system to detect all kinds of security events under high speed internet traffic. Data stream management system is a stream database model which can respond to queries on high speed, huge volume streaming data on real time. This paper proposes a model framework which applies data stream technique to network security monitoring. In this model,data stream management system acts as a platform to support the efficient query and analysis of high speed network traffic. This guarantees the high performance of the monitoring system based on it. CQL language can describe numerous security event rules and monitoring queries exactly and flexibly. Such monitoring system can integrate the function of intrusion detection,worm detection and network traffic management ,ere ,which is well scalable.