Application of Object-Oriented XML to Network Security Event Data Processing
Abstract
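This project studies how to apply object-oriented XML to the processing of network security event data in a network security management platform, in order to make the platform extensible. A network security management platform performs comprehensive, real-time security monitoring of the managed network area and ensures the security of the whole managed network as far as possible. The key to the platform achieving global security defense is handling captured security events promptly and appropriately. Security events come from different types of security devices, chiefly firewalls, IDS, illegal external connection monitoring, and antivirus software. Devices of the same type may come from different vendors, new security problems keep arising in the network, and existing devices are upgraded and replaced. The platform therefore needs better extensibility and flexibility, so that different security devices can be added easily and the security events they capture can be handled better, giving the managed network a more comprehensive and timely defense.
     Object-oriented mechanisms such as encapsulation, inheritance and polymorphism offer strong modeling capability. Adding object-oriented features to XML gives the XML language modeling capability as well. Because an ordinary DTD parser does not support object-oriented mechanisms, an extended DTD parser for security events must first be defined to parse the object-oriented features. When the platform adds a new security device or handles a new type of security event, the security event data is encapsulated in object-oriented XML; once the DTD parser has resolved the inheritance semantics, the new event can inherit the abstract event-handling classes already present in the original system and thereby obtain the handling methods needed to process the event data.
     This thesis describes in detail the design and implementation of the extended DTD parser and the concrete processing of security event data, and finally gives the test results. Applying object-oriented XML to the processing of security event data on the network security management platform makes the platform extensible and also reduces the amount of change required to the original system. The improved platform can cope with a variety of security devices and handle the security events they capture, achieving more comprehensive and timely protection of the whole network environment.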
This project mainly researched how to use object-oriented XML on a network security management platform to handle security incident data, in order to implement the platform's scalability. A network security management platform monitors the whole LAN to provide comprehensive regional network security monitoring, responds to security incidents in a timely manner and handles them, doing its best to protect the whole LAN. The critical point for the platform in fulfilling its global security defense is capturing all kinds of incidents in time and handling them. Security event data comes from different types of security equipment, which mainly includes firewalls, IDS (Intrusion Detection System), illegal outer connection monitoring, and anti-virus software. Equipment of the same type may come from different vendors, and network security problems continuously emerge, which results in the replacement, renewal and upgrading of the original equipment. The network security management platform needs better expansibility and flexibility so that a variety of security equipment can easily be added. The platform can then better deal with the security event data that the equipment captures, in order to achieve a more comprehensive defense.
     Object-oriented mechanisms such as encapsulation, inheritance and polymorphism have strong modeling capacity. With object-oriented features added to XML, the XML language also gains modeling capability. Because a general DTD parser does not support object-oriented mechanisms, an extended DTD parser specifically for security incidents must be designed and implemented first. This parser can parse the object-oriented mechanisms. When adding new equipment to the network security management platform or handling a new type of security incident, object-oriented XML is used to package the security events that the equipment can capture, and the extended DTD parser then parses the inheritance mechanism so that the event inherits the original system's abstract security incident handling classes and obtains the classes' methods to deal with the event data.
     This paper gives a detailed description of the extended DTD parser's design and implementation, including the process of dealing with security incident data. The test results are given at the end of the paper. Using object-oriented XML on the network security management platform to deal with security incident data fulfills the platform's scalability while greatly reducing the amount of change that needs to be made to the platform. The improved network security management platform can readily respond to new types of equipment and their security events, and can therefore achieve more comprehensive and timely protection for the whole network environment.
