| With the growing of intrusion and attacks against network systems, people pay more attention to network security. Currently, traditional network security products can not reflect network security status exactly any longer, so the research on Network Security Situational Awareness (NSSA) emerges, and it gradually becomes a hot topic in network security field. The NSSA system aims to monitor network security status from multiple perspectives, detect the potential or arisen anomalies in time, and reasonably forecast the network security status in time. In order to getting a great deal of related information, constructing kinds of security sensors becomes the foundation of NSSA. Considering SNMP is widely used, simple to realize and with high currency, it is used in this paper as an important network security situation data acquisition method, which acts as the data source in realizing security situational awareness in large scale network.First, the paper gives an overview of network anomaly detection technology. Then under the research topic, SNMP-based security performance data detection technology is introduced. To get real-time data required by NSSA, SNMP framework and multithreaded technology are researched and SNMP-based collecting-module of multithreaded performance data is realized. After that, three methods of network security and anomaly detection by switch, limitation and rate of change are provided. Further more, SNMP-based network performance data detection system is designed and the format of the events is given. The final section of the paper briefly presents some scenarios in which performance data is collected to detect attacks against their systems and then abnormal events are generated. This part tests the effectiveness of network security and anomaly detection. Finally, the conclusion is drawn and the further researches on this issue are put forward. |
PDF Full Text Request