Application of an ELK Traffic Analysis Platform in University Network Security Management
  • English title: APPLICATION OF ELK TRAFFIC ANALYSIS PLATFORM IN UNIVERSITY NETWORK SECURITY MANAGEMENT
  • Authors: Qin Rui; Yuan Yizhe; Qin Daoxiang
  • Affiliations: School of Electronics and Information Engineering, Tongji University; School of Software Engineering, Tongji University; Information Office, Tongji University
  • Keywords: ELK; network security; traffic analysis; big data
  • Journal: Computer Applications and Software (计算机应用与软件); CNKI journal code JYRJ
  • Published: 2019-06-12
  • Year: 2019
  • Volume: 36
  • Issue: 06
  • Pages: 323-327 (5 pages)
  • Language: Chinese
  • CN: 31-1260/TP
  • CNKI article ID: JYRJ201906058
Abstract
Network security devices commonly suffer from high false-positive rates that are hard to verify, and once a security incident has occurred there are few means of tracing it back to its origin. ELK-based traffic analysis collects campus-network traffic in real time and classifies it, stores it in a distributed fashion on the ELK data platform, builds analysis views along multiple dimensions, and presents them as dashboards tailored to different operational scenarios. The scheme can uncover access attacks on the campus network and let independent data sources corroborate one another, providing a new technical option for building a network security defence system. It also delivers access-log auditing that supports network fault handling, raising the level of campus-network operations and information security management.
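The corroboration step the abstract describes, where a security device's alert is checked against the raw traffic the same source actually generated, as an added example that is not code from the paper. It assumes combined-format web access logs and alerts exported with src, ts and sig fields; the log lines and alerts below are constructed, and an in-memory list of parsed documents stands in for the Elasticsearch index that Logstash would normally fill. The per-source view is what a Kibana terms aggregation on the source address would show.

```python
"""Cross-checking IDS/WAF alerts against access-log traffic (editor's example, not the paper's code)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log in combined format; addresses are documentation/private ranges.
ACCESS_LOG = """\
10.20.1.15 - - [12/Jun/2019:09:00:01 +0800] "GET /portal/login HTTP/1.1" 200 1532
10.20.1.15 - - [12/Jun/2019:09:00:03 +0800] "POST /portal/login HTTP/1.1" 302 0
198.51.100.7 - - [12/Jun/2019:09:00:10 +0800] "GET /admin/ HTTP/1.1" 404 162
198.51.100.7 - - [12/Jun/2019:09:00:10 +0800] "GET /wp-login.php HTTP/1.1" 404 162
198.51.100.7 - - [12/Jun/2019:09:00:11 +0800] "GET /phpmyadmin/ HTTP/1.1" 404 162
198.51.100.7 - - [12/Jun/2019:09:00:11 +0800] "GET /.env HTTP/1.1" 404 162
198.51.100.7 - - [12/Jun/2019:09:00:12 +0800] "GET /cgi-bin/test.cgi HTTP/1.1" 404 162
198.51.100.7 - - [12/Jun/2019:09:00:12 +0800] "GET /manager/html HTTP/1.1" 401 0
10.20.3.8 - - [12/Jun/2019:09:05:40 +0800] "GET /library/search?q=elk HTTP/1.1" 200 8821
"""

# Constructed sample alerts in the shape a security device might export (hypothetical field names).
ALERTS = [
    {"src": "198.51.100.7", "ts": "2019-06-12T09:00:11+08:00", "sig": "Web scanner user-agent"},
    {"src": "10.20.3.8", "ts": "2019-06-12T09:05:40+08:00", "sig": "SQL injection attempt"},
]

LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<bytes>\d+)"
)


def parse_access_log(text):
    """Turn raw lines into flat documents, as a Logstash grok filter would before indexing."""
    docs = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; in production count it so parser drift is visible
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
        d["status"] = int(d["status"])
        d["bytes"] = int(d["bytes"])
        docs.append(d)
    return docs


def view_by_source(docs):
    """Per-source analysis view: request count, 4xx count and distinct paths touched."""
    view = defaultdict(lambda: {"requests": 0, "client_errors": 0, "paths": set()})
    for d in docs:
        v = view[d["src"]]
        v["requests"] += 1
        v["client_errors"] += 400 <= d["status"] < 500
        v["paths"].add(d["path"])
    return view


def corroborate(alert, docs, window=timedelta(seconds=30), min_hits=5, min_err_ratio=0.8):
    """Check an alert against the traffic its source produced around the alert time.

    Returns (verdict, evidence). The alert is 'confirmed' when the traffic itself looks
    like probing (enough requests, almost all of them 4xx); otherwise it is
    'unsupported' and is a candidate false positive for the analyst to review.
    Thresholds are illustrative and should be tuned per site.
    """
    ts = datetime.fromisoformat(alert["ts"])
    hits = [d for d in docs if d["src"] == alert["src"] and abs(d["ts"] - ts) <= window]
    errors = sum(1 for d in hits if 400 <= d["status"] < 500)
    evidence = {
        "requests": len(hits),
        "client_errors": errors,
        "distinct_paths": len({d["path"] for d in hits}),
    }
    if len(hits) >= min_hits and errors / len(hits) >= min_err_ratio:
        return "confirmed", evidence
    return "unsupported", evidence


def trace_source(docs, src):
    """Traceback view: the full, time-ordered request history of one source address."""
    return sorted(((d["ts"], d["method"], d["path"], d["status"]) for d in docs if d["src"] == src))


def run_example():
    """Corroborate every sample alert; returns [(src, verdict), ...]."""
    docs = parse_access_log(ACCESS_LOG)
    return [(a["src"], corroborate(a, docs)[0]) for a in ALERTS]


if __name__ == "__main__":
    docs = parse_access_log(ACCESS_LOG)
    for a in ALERTS:
        verdict, ev = corroborate(a, docs)
        print(f'{a["src"]} "{a["sig"]}": {verdict} {ev}')
    for row in trace_source(docs, "198.51.100.7"):
        print(*row)
```

In the sample data the scanner alert is backed by six rapid requests to well-known admin paths, all answered 4xx, while the "SQL injection" alert coincides with a single successful request and stays unsupported; that is the kind of distinction the abstract's mutual corroboration is meant to surface, with the trace view giving the request history needed for incident follow-up.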
References
[1] Gao Kai. Big Data Search, Mining and Visual Management Solutions (大数据搜索与挖掘及可视化管理方案) [M]. 3rd ed. Beijing: Tsinghua University Press, 2017.
[2] Rao Chenlin. ELK Stack: The Definitive Guide (ELK Stack权威指南) [M]. 2nd ed. Beijing: China Machine Press, 2017.
[3] Zeng Heng. Design and Implementation of an ELK-based Network Security Log Management and Analysis System [D]. Beijing: Beijing University of Posts and Telecommunications, 2017.
[4] 360 Enterprise Security Research Institute. Into Security: Attack and Defence in the Networked World (走进安全:网络世界的攻与防) [M]. Beijing: Publishing House of Electronics Industry, 2018.
[5] Yao Pan, Ma Yupeng, Xu Chunxiang. Research and application of an ELK-based log analysis system [J]. Computer Engineering and Design, 2018, 39(7): 2090-2095.
[6] Lei X F, Wang Z, He Y Z. The data management and real-time search based on Elasticsearch [C]// 2015 4th International Conference on Computer, Mechatronics, Control and Electronic Engineering. 2015.
[7] Sung J S, Kwon Y M. Performance of ELK stack and commercial system in security log analysis [C]// Malaysia International Conference on Communications. 2017.
[8] Prakash T, Kakkar M, Patel K. Geo-identification of web users through logs using ELK stack [C]// 2016 6th International Conference on Cloud System and Big Data Engineering (Confluence). IEEE, 2016.
[9] Dharur S, Swaminathan K. Efficient surveillance and monitoring using the ELK stack for IoT powered smart buildings [C]// International Conference on Inventive Systems and Control. 2018.
[10] Al-Mahbashi I Y M. Network security enhancement through effective log analysis using ELK [C]// 2017 International Conference on Computing Methodologies and Communication (ICCMC). 2017.
[11] Jati G, Hartadi B, Putra A G, et al. Design DDoS attack detector using NTOPNG [C]// International Workshop on Big Data & Information Security. IEEE, 2017.
[12] Kortebi A, Aouini Z, Delahaye C, et al. A platform for home network traffic monitoring [C]// Integrated Network & Service Management. IEEE, 2017.
[13] Chang N, Lan A, Liao M, et al. ELK delaminate improvement methodology on Cu pillar interconnect BOP structure [C]// Electronic Components & Technology Conference. IEEE, 2014.