| 电力信息安全监测管理中心数据采集层的研究 |
| |
| 引用本文: | 徐茹枝,郭健,白瑾.电力信息安全监测管理中心数据采集层的研究[J].华北电力大学学报,2010,37(6). |
| |
| 作者姓名: | 徐茹枝 郭健 白瑾 |
| |
| 摘 要: | 由于网络安全需求,电力企业在信息系统中部署了防火墙、防病毒、漏洞扫描、IDS和VPN等大量异构的安全防御产品,这些产品之间缺乏沟通协作和统一管理,产生的安全事件信息难以进行有效的关联整合。针对这一问题提出了基于数据挖掘的分布式、多协议支持的信息安全监测管理中心框架。重点对信息安全监测管理中心的数据采集层进行研究,包括采用基于代理的SYSLOG机制采集设备安全事件日志信息,采用基于硬件探针的监测技术实时采集路由器,交换机等网络设备的流量信息。采集层能准确可靠地为安全监测管理中心的分析层提供数据,保证系统的正常运行。
|
| 关 键 词: | 安全监测管理中心 数据采集层 SYSLOG代理 探针 |
Research on the data acquisition layer of power information security monitoring management center |
| |
| XU Ru-zhi,GUO Jian,BAI Jin.Research on the data acquisition layer of power information security monitoring management center[J].Journal of North China Electric Power University,2010,37(6). |
| |
| Authors: | XU Ru-zhi GUO Jian BAI Jin |
| |
| Abstract: | With demands for network security,power enterprises deployed a lot of heterogeneous security equipments such as firewalls,intrusion detection systems,VPN and anti-virus gateways which can produce massive security events and are difficult to manage efficiently.So a log-based mining,distributed,and multi-protocol supported framework of security monitoring management center is proposed.This paper describes the architecture of the system,and focuses on the research of the acquisition layer of system,including adopting SYSLOG agent mechanism to collect security event log information of device and using hardware probe technology to collect real-time traffic information of network equipment such as routers and switches.The acquisition layer provides accurate and reliable data to analysis layer of system and ensures the normal running of the system. |
| |
| Keywords: | security monitoring management center data acquisition layer SYSLOG agent probe |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
