Abstract
To manage the security events generated by various kinds of network security devices effectively, a distributed security event management system, Dis-SEM, is designed and implemented, and two key techniques are proposed: data decoding and security event analysis. The data decoding technique decodes security event data so that events from different sources share one common format. The security event analysis technique filters and correlates the decoded events. Dis-SEM collects, analyses and displays security events from a controlled environment and takes timely warning and response measures. Test results show that the system can manage security events in a distributed environment effectively.
Abstract (English, as published)
To manage security events generated by different network security devices efficiently, a distributed security event management system (Dis-SEM) is designed and implemented, and a data decoding technique and a security event analysis technique are proposed. The data decoding technique decodes the data of security events, so that decoded security events share the same data format. The security event analysis technique filters and correlates the decoded security events. The system is mainly used to collect, analyze and display security events in a controlled network environment, and to give immediate warning and response to these events. Experimental results show that Dis-SEM can manage security events in a distributed network environment efficiently.
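The two techniques the abstract names, decoding heterogeneous device output into one common event schema and then filtering and correlating the normalised events, can be illustrated with a small pipeline. The following Python is an added example written for this page; it is not Dis-SEM's code, and the two input formats (a firewall-style syslog line and an IDS-style CSV line), the sample events, the severity mapping and the correlation rule (three or more events from one source address within five minutes) are all constructed assumptions.

```python
"""Added illustration: decode (normalise) events from two constructed device
formats into one common schema, filter by severity, then correlate by source.
Formats, sample lines and thresholds are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample input: (device type, raw line) pairs from two sensor kinds.
RAW_EVENTS = [
    ("fw", "2012-11-01T10:00:00 fw01 DENY src=10.0.0.5 dst=192.168.1.10 dport=22 sev=3"),
    ("ids", "2012-11-01T10:00:20,ids01,10.0.0.5,192.168.1.10,SSH brute force,high"),
    ("fw", "2012-11-01T10:00:40 fw01 DENY src=10.0.0.5 dst=192.168.1.11 dport=22 sev=3"),
    ("ids", "2012-11-01T10:30:00,ids01,10.0.0.9,192.168.1.12,ICMP ping sweep,low"),
    ("fw", "2012-11-01T10:00:50 fw01 ALLOW src=10.0.0.7 dst=192.168.1.10 dport=80 sev=1"),
]

# Hypothetical firewall line layout; the regex is anchored so malformed lines are rejected.
_FW_RE = re.compile(r"^(\S+) (\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+) sev=(\d)$")
# Hypothetical IDS severity words mapped onto the common 0-3 numeric scale.
_IDS_SEVERITY = {"low": 1, "medium": 2, "high": 3}


def decode(device_type, line):
    """Decode one raw line into the common event schema (a dict).

    Returns None when the line does not parse, so a malformed or unknown
    record is dropped rather than silently mis-classified.
    """
    if device_type == "fw":
        m = _FW_RE.match(line)
        if not m:
            return None
        ts, sensor, action, src, dst, dport, sev = m.groups()
        return {"time": datetime.fromisoformat(ts), "sensor": sensor,
                "src": src, "dst": dst,
                "category": "firewall_" + action.lower(),
                "severity": int(sev)}
    if device_type == "ids":
        parts = line.split(",")
        if len(parts) != 6:
            return None
        ts, sensor, src, dst, signature, sev = parts
        return {"time": datetime.fromisoformat(ts), "sensor": sensor,
                "src": src, "dst": dst,
                "category": "ids:" + signature,
                "severity": _IDS_SEVERITY.get(sev.lower(), 0)}
    return None


def filter_events(events, min_severity=2):
    """Filtering step: keep only events at or above the configured severity."""
    return [e for e in events if e["severity"] >= min_severity]


def correlate(events, window=timedelta(minutes=5), threshold=3):
    """Correlation step: flag a source address that produces at least
    `threshold` events inside a sliding time `window`, across any sensors."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["time"]):
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it covers the current event.
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"src": src, "count": end - start + 1,
                               "sensors": sorted({e["sensor"] for e in evs[start:end + 1]}),
                               "first": evs[start]["time"], "last": evs[end]["time"]})
                break  # one alert per source is enough for this illustration
    return alerts


def run(raw=RAW_EVENTS):
    """Full pipeline: decode -> filter -> correlate; returns the alert list."""
    decoded = [d for d in (decode(t, line) for t, line in raw) if d is not None]
    return correlate(filter_events(decoded))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

With the constructed input, the three severity-3 events from 10.0.0.5 (two firewall denies and one IDS alert, 40 seconds apart) are correlated into a single alert that names both sensors, while the low-severity ping sweep and the allowed port-80 connection are filtered out before correlation. The point the abstract makes is visible here: correlation across devices is only possible once both formats have been decoded into the same schema.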
Source
Computer Engineering and Design (计算机工程与设计)
Indexed in: CSCD; Peking University Core Journals
2012, No. 11, pp. 4109-4115, 4120 (8 pages)
Keywords
security event
collecting data
security device
data decoding
event management system