Research on Log Audit Analysis Model of Cyberspace Security Classified Protection Driven by Knowledge Map (Chinese title: 基于知识图谱驱动的网络安全等级保护日志审计分析模型研究). Cited by: 17
Abstract: To audit and analyze security events from massive log data and trace the origin of those events, this paper proposes a log audit analysis model for cyberspace security classified protection driven by a knowledge graph. The model fuses security, operation and maintenance, data analysis and classified protection evaluation data to enrich the log data; servers, network devices and security devices are the nodes of the ontology; business data flows are the relationships connecting two nodes, and the direction of a business data flow is the direction of the relationship. A knowledge graph of classified protection logs is constructed from four aspects: security management center, secure computing environment, secure area boundary and secure communication network. This realizes efficient association and deep mining analysis of network logs and improves the efficiency of audit analysis for abnormal cyberspace security events, so that the data can be analyzed and processed directly without precise modeling of the problem. The model is suitable for big data analysis of network security logs and provides an effective means of solving large-scale, complex log audit analysis.
Authors: TAO Yuan (陶源), HUANG Tao (黄涛), LI Moyan (李末岩), HU Wei (胡巍) (The Third Research Institute of Ministry of Public Security, Shanghai 200031, China; Cyber Security Bureau of Ministry of Public Security, Beijing 100741, China; National Engineering Laboratory for Key Technology of Classified Information Security Protection, Beijing 100142, China)
Source: Netinfo Security (《信息网络安全》), CSCD, Peking University core journal, 2020, No. 1, pp. 46-51 (6 pages)
Funding: National Key R&D Program of China [2018YFB0803503].
Keywords: knowledge graph; cyberspace log; classified protection; audit analysis