Abstract
The security operation center (SOC), as a platform for security information extraction, risk management and security decision-making, raises the overall capability of a network system to respond to security threats through the centralized deployment of security policies, deep awareness of security events and coordinated response by security components. To address the problems of managing massive volumes of security data and the high false-positive rate of security events, correlation engine technology was studied within the SOC environment. The design, implementation and testing of a correlation engine prototype based on rule correlation show that, by unifying the security data format and correlating security alerts, correlation engine technology is an effective means of addressing the management of massive security data and the high false-positive rate of security events.
Source
《计算机工程与设计》
CSCD
Peking University Core Journal
2007, No. 13, pp. 3085-3087 (3 pages)
Computer Engineering and Design
Keywords
security operation center
correlation engine
correlation
backlog correlation
rule correlation