| 网络安全事件关联分析技术与工具研究 |
| |
| 引用本文: | 琚安康,郭渊博,朱泰铭,王通.网络安全事件关联分析技术与工具研究[J].计算机科学,2017,44(2):38-45. |
| |
| 作者姓名: | 琚安康 郭渊博 朱泰铭 王通 |
| |
| 作者单位: | 信息工程大学 郑州450001数学工程与先进计算国家重点实验室 郑州450001,信息工程大学 郑州450001数学工程与先进计算国家重点实验室 郑州450001,信息工程大学 郑州450001数学工程与先进计算国家重点实验室 郑州450001,信息工程大学 郑州450001数学工程与先进计算国家重点实验室 郑州450001 |
| |
| 基金项目: | 本文受国家自然科学基金(61501515)资助 |
| |
| 摘 要: | 当前,以APT为代表的新型网络安全攻击事件频发并造成了巨大危害,其定制性、隐蔽性、持续性等特点使得传统攻击检测方法难以奏效。然而,随着大数据技术的日益发展,对各类安全相关事件及系统运行环境信息进行了有效关联,使得有效识别这类攻击和威胁成为可能,安全事件关联分析技术也随之应运而生。首先阐述了安全事件关联分析技术的重要性及其目标意义;然后对现有的安全事件关联分析技术进行了综述,从基于属性特征的关联分析、基于逻辑推理的关联分析、基于概率统计的关联分析、基于机器学习的关联分析等方面,分析描述了现有各种安全事件关联分析技术的机理及其优缺点;最后对现有的开源安全事件关联分析软件进行了综述,从应用场景、编程语言、用户接口以及关联方法等角度进行了综合比较。
|
| 关 键 词: | 关联分析 特征属性 逻辑推理 概率统计 机器学习 |
| 收稿时间: | 2016/1/27 0:00:00 |
| 修稿时间: | 2016/5/25 0:00:00 |
Survey on Network Security Event Correlation Analysis Methods and Tools |
| |
| JU An-kang,GUO Yuan-bo,ZHU Tai-ming and WANG Tong.Survey on Network Security Event Correlation Analysis Methods and Tools[J].Computer Science,2017,44(2):38-45. |
| |
| Authors: | JU An-kang GUO Yuan-bo ZHU Tai-ming and WANG Tong |
| |
| Affiliation: | Information Engineering University,Zhengzhou 450001,ChinaState Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China,Information Engineering University,Zhengzhou 450001,ChinaState Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China,Information Engineering University,Zhengzhou 450001,ChinaState Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China and Information Engineering University,Zhengzhou 450001,ChinaState Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China |
| |
| Abstract: | At present,the frequency of the new network security attacks events represented by APT is increasing,and it is more harmful to the enterprise information infrastructure.The new types of attack have the characteristics of customi-zation,concealment and continuity,and these make it more difficult for traditional detection methods to detect or predict these deep-hidden attacks in time.However,with the development of big data technology,people can correlate the information about security events and system running environment effectively,and this makes it possible to detect new types of attack and threat.In this paper,we expounded the importance of security event correlation analytics,and then discussed the existing correlation analysis techniques from the aspect of event attributes,logical reasoning,statistics and machine learning.Finally we introduced several commonly used open-source correlation analysis software,and synthetically compared them in application scenarios,programming language,user interface,and the correlation method used. |
| |
| Keywords: | Correlation analysis Feature attributes Logical reasoning Statistics Machine learning |
|
|
点击此处可从《计算机科学》下载全文 |
|
