The rapid development of network and communication technology has brought great convenience to social life, but it has also produced more and more network security problems, whose adverse effects on personal life and social institutions keep growing. To keep networks running normally and securely, network security event analysis has become a hot topic in network security research. However, existing security event association analysis relies too heavily on the attributes of the events themselves, so the associated security events are difficult to explain reasonably. Anomaly detection struggles to capture the real characteristics of the data, and its accuracy is not high. In addition, threat assessment draws on a single data source and a single evaluation method, which makes it difficult to assess threats comprehensively and accurately. This thesis studies network security event association analysis, network anomaly detection and security event threat assessment. Specifically:

Firstly, a security event association method based on vulnerability attributes is proposed. A vulnerability attribute knowledge base covering the premise and consequence of exploiting each vulnerability is established; on top of it, an association method based on vulnerability exploitation and an algorithm that generates attack-path security events from chained exploits are proposed. Experiments verify the feasibility of the association method: 9 effective attack paths are generated from 6 vulnerabilities in the test environment.

Secondly, a critical event detection model is proposed. The logs are preprocessed first, and the distribution characteristics of security events are then analysed using real alert logs from a smart grid. Based on these characteristics, a critical event detection algorithm is designed to detect critical events. Experimental results show that the model is effective, with an accuracy of 98%.

Thirdly, a security event threat assessment method combining static and dynamic indicators is presented. The PageRank algorithm is used to calculate the node weights of the model; a static indicator derived from vulnerabilities and dynamic indicators derived from alert level and critical events are defined, together with the way each indicator is used. The threat values of the associated events on each attack path are quantified and compared. This method ranks the threat values of attack paths more comprehensively and objectively.
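The following Python is an added illustration of the two algorithmic parts described in this abstract: chaining vulnerabilities into attack paths by matching each vulnerability's exploitation consequence to the next one's premise, and then ranking the resulting paths with PageRank node weights combined with a static indicator and dynamic (alert level, critical event) indicators. It is not the thesis's code and does not reproduce its experiments: the six-vulnerability knowledge base, the host names, the severity values, the alert levels, the choice of (host, privilege) states as PageRank nodes, the dynamic-index weighting and the threat formula are all assumptions made for the example. It also shows the point the abstract makes about combining indicators: the same two paths rank differently once the dynamic indicators are included.

```python
"""Attack-path generation from vulnerability premise/consequence attributes,
then PageRank-weighted threat ranking of the paths with static and dynamic
indicators. Added illustration, not the thesis's code; every value below is
constructed for the example."""
from collections import defaultdict

# Constructed knowledge base. A state is (host, privilege). "premise" is the
# state an attacker must already hold to exploit the vulnerability, and
# "consequence" is the state gained. "static" stands in for a severity score
# on a 0-10 scale (assumed; any CVSS-like base score would do).
KB = {
    "V1": {"premise": ("attacker", "remote"), "consequence": ("web", "user"), "static": 7.5},
    "V2": {"premise": ("web", "user"), "consequence": ("web", "root"), "static": 7.8},
    "V3": {"premise": ("web", "user"), "consequence": ("db", "user"), "static": 6.5},
    "V4": {"premise": ("web", "root"), "consequence": ("db", "root"), "static": 9.0},
    "V5": {"premise": ("db", "user"), "consequence": ("db", "root"), "static": 7.2},
    "V6": {"premise": ("db", "root"), "consequence": ("hmi", "root"), "static": 9.8},
}

# Constructed dynamic observations per vulnerability: the alert level raised
# against it (1 low .. 3 high) and whether the critical-event detector flagged it.
ALERTS = {
    "V1": {"level": 2, "critical": False},
    "V2": {"level": 1, "critical": False},
    "V3": {"level": 3, "critical": True},
    "V4": {"level": 1, "critical": False},
    "V5": {"level": 3, "critical": False},
    "V6": {"level": 2, "critical": False},
}

START = ("attacker", "remote")
GOAL = ("hmi", "root")


def attack_paths(kb, start, goal):
    """Chain exploits by matching each vulnerability's premise to the current
    attacker state. Depth-first search; states are never revisited, so every
    returned path is a simple path of vulnerability IDs from start to goal."""
    paths = []

    def dfs(state, path, seen):
        if state == goal:
            paths.append(path)
            return
        for vid, v in kb.items():
            if v["premise"] == state and v["consequence"] not in seen:
                dfs(v["consequence"], path + [vid], seen | {v["consequence"]})

    dfs(start, [], {start})
    return paths


def pagerank(nodes, edges, d=0.85, iters=100):
    """Plain power-iteration PageRank over the state graph. Rank held by a node
    with no out-edges (a dangling node) is redistributed uniformly so the
    total mass stays 1."""
    out = defaultdict(set)
    for src, dst in edges:
        out[src].add(dst)
    n = len(nodes)
    pr = {v: 1.0 / n for v in nodes}
    for _ in range(iters):
        dangling = sum(pr[u] for u in nodes if not out[u])
        new = {}
        for v in nodes:
            inbound = sum(pr[u] / len(out[u]) for u in nodes if v in out[u])
            new[v] = (1 - d) / n + d * (inbound + dangling / n)
        pr = new
    return pr


def dynamic_index(alert):
    """Assumed weighting: alert level, doubled when a critical event was detected."""
    return alert["level"] * (2.0 if alert["critical"] else 1.0)


def rank_paths(kb, paths, alerts, use_dynamic=True):
    """Threat value of a path = sum over its steps of
    PageRank(consequence state) * static/10 * dynamic index (1.0 if disabled).
    Returns (score, path) pairs, highest threat first. The combination rule
    is an assumption for this example."""
    nodes = {s for v in kb.values() for s in (v["premise"], v["consequence"])}
    edges = {(v["premise"], v["consequence"]) for v in kb.values()}
    pr = pagerank(nodes, edges)
    scored = []
    for path in paths:
        score = 0.0
        for vid in path:
            v = kb[vid]
            dyn = dynamic_index(alerts[vid]) if use_dynamic else 1.0
            score += pr[v["consequence"]] * (v["static"] / 10.0) * dyn
        scored.append((round(score, 4), path))
    return sorted(scored, reverse=True)


if __name__ == "__main__":
    paths = attack_paths(KB, START, GOAL)
    print(f"{len(paths)} attack paths from {START} to {GOAL}")
    for label, dyn in (("static only", False), ("static + dynamic", True)):
        print(label)
        for score, path in rank_paths(KB, paths, ALERTS, use_dynamic=dyn):
            print(f"  {score:.4f}  {' -> '.join(path)}")
```

With this constructed knowledge base two paths reach the HMI root: V1 -> V2 -> V4 -> V6 and V1 -> V3 -> V5 -> V6. On static severity alone the first path ranks higher (its privilege-escalation steps carry the larger scores), but once the high-level alert and the critical event observed on V3 and the high-level alert on V5 are folded in, the second path moves to the top. Replacing the states with the attributes a real knowledge base records, and the static index with an actual vulnerability score, is what an implementation of the abstract's method would need; the ranking logic itself does not change.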