电信网络海量安全事件关联分析引擎技术研究

doi:10.3969/j.issn.1000-0801.2013.10.029

Abstract

Abstract:

Correlation analysis engine which correlate isolated security event as a chain to find out the real threat from a large number of false alarms or low level ones,is a key module of security operations centre（SOC）.The traditional correlation analysis mechanism is divided into two types:state machine and inference-engine.For poor precision and low efficiency,they don't adapt telecom network application.A new correlation analysis mechanism based on consecutive state by inference-engine was presented,which executed efficiently and accurately,to solve the problems of correlation analysis engine applied in telecom network.

Key words: security operations centre, correlation analysis engine, consecutive state, telecommunication network

Ning Fan,Guoshui Shi,Jun Shen,Huamin Jin. Correlation Analysis Approach About Numerous Security Information and Event in Telecommunication Network[J]. Telecommunications Science, 2013, 29(10): 168-172.

处理速率（eps）	状态机		推理机		基于序列推导
处理速率（eps）	告警丢失量	分组丢失率	告警丢失量	分组丢失率	告警丢失量	分组丢失率
8 000	4条	0	15条	100%	0	0
4 000	2条	0	15条	27.81%	0	0
2 000	0	0	1条	2.15%	0	0
1 000	1条	0	0	0.07%	0	0
500	0	0	0	0	0	0

1	史简，郭山清，谢立 . 统一网络安全管理平台的研究与实现. 计算机应用研究， 2006（9）:92～97
2	Harel D . Statecharts:a visual formalism for complex systems. Science of Computer Programming, 1987（8）:231～274
3	Dain O M , Cunningham R K . Building scenarios from a heterogeneous alert stream. Proceeding of the 2001 IEEE Workshop on Information Assurance and Security,United States Military Academy,West Point,NY,USA, 2001:231～235
4	陈春霞，黄皓 . 攻击模型的分析与研究. 计算机应用研究， 2005（7）:115～118
5	姚键，叶保留，蔡圣闻等. 安全管理研究综述. 计算机科学， 2004,31（8）:1～4

[1]	Tao LI, Chunjia WANG, Shanshan LI. Research on intelligent scheme of telecommunication network [J]. Telecommunications Science, 2023, 39(3): 162-172.
[2]	Yang WANG,Yi MAN,Zhipeng CHEN. Fault early warning model of 4G base station out of service based on centralized monitoring data resources [J]. Telecommunications Science, 2016, 32(7): 188-196.
[3]	Yuan LIN,Yanbin WANG,Hui ZHANG,Jiahai YANG. Modeling method of telecommunication network resources [J]. Telecommunications Science, 2016, 32(1): 112-118.
[4]	Zhimin Yang,Bin Wu,Ran Shu. Maintenance Analysis Method Based on Big Data Processing Technology in Power Telecommunication Network [J]. Telecommunications Science, 2015, 31(11): 166-173.
[5]	Lin Ge,Xinsheng Ji,Tao Jiang. Research on Situation Awareness Model of Information Content Security Incidents in Telecommunication Network [J]. Telecommunications Science, 2014, 30(2): 14-20.
[6]	Qian Liu. Research Status About Home Network Based on Telecommunication Network Standard [J]. Telecommunications Science, 2006, 22(3): 4-7.

Correlation Analysis Approach About Numerous Security Information and Event in Telecommunication Network

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 5

Related Articles 6

Metrics

Recommended 0