
Research On Key Technologies Of Network Security Threat Perception Based On Multi-source Log

Posted on: 2021-04-18
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Lu
GTID: 2428330611496836
Subject: Engineering

Abstract/Summary:
With the rapid development of information technology in recent years, the network has gradually become an indispensable part of people's production and life, and more and more people have begun to pay attention to network security. A variety of security products, such as firewalls, intrusion detection systems and intrusion prevention systems, are used to detect attack threats in the network and to ensure that the network can run safely. However, these security products are each effective only within a certain range and lack an effective cooperative management mechanism. Faced with this scattered information, network security administrators cannot understand current network attack threats in a timely manner or take appropriate measures to deal with them. In order to grasp the current attack threat to the network as a whole and ensure its safe operation, network security threat perception technology has emerged as the times require and has become a new hotspot in network security research. Perceiving network security threats from the logs generated by various network security protection devices, including intrusion detection devices, intrusion prevention devices, firewalls and operating systems, has become the mainstream of current research. However, most studies analyze and process each type of log separately, and the results cannot accurately reflect current network threats.

Based on multi-source logs, this paper studies the key technologies of network security threat perception from several important aspects, such as the network security threat perception model, log preprocessing and aggregation, and network attack event fusion analysis, mainly including the following contents:

(1) It gives a detailed introduction to network threats and threat perception. In terms of threat situation data and factor analysis, this paper first introduces the concepts of logs generated by common network security protection equipment and of network attacks, and briefly introduces the aggregation of logs and the fusion analysis of attack events.

(2) In terms of model research, a network security threat perception model based on multi-source logs is proposed, building on the network security situation awareness model.

(3) When multi-source logs are processed, a step-by-step strategy is adopted. First, the original logs are preprocessed to obtain simplified logs. Then, an improved attribute similarity method is used to analyze the simplified logs and obtain network attack events. Finally, an improved D-S evidence theory is adopted to fuse the multi-source attack events, and the attack events with high credibility are obtained, which are regarded as the threat situation elements of network security.

Finally, the thesis summarizes the work of this paper, looks ahead to further research on network security threat perception based on multi-source logs, and points out future research directions.
Keywords/Search Tags:multi source log, network security threat perception model, log preprocessing and aggregation, attack event fusion