Abstract

Network attacks are wide-ranging and complex, and they require a monitoring system that can detect various security events in real time under high-speed network traffic. A data stream management system is a database model that responds in real time to query requests over high-speed, high-volume data streams. This paper studies the application of data stream technology to computer network security monitoring. A data stream management platform effectively supports real-time query and analysis of high-speed network data flows, and a network security event monitoring system built on it can achieve high processing performance. We put forward a framework model that applies data stream techniques to network security event monitoring; it can accurately describe the rules of security events and various monitoring queries, with strong flexibility and integrity. In addition, the system can integrate a variety of monitoring capabilities, such as intrusion detection, worm discovery, and network traffic management, and has good scalability.

Introduction

Network security event monitoring covers the real-time monitoring and discovery of security incidents such as large-scale worms, port scanning, and DoS attacks. The traditional solution is to use intrusion detection technology (including misuse detection and anomaly detection, etc.), combined with various worm discovery and network traffic analysis methods, to accomplish security incident alerting and prevention. The development of the Internet provides convenient and efficient worldwide sharing of resources and information, and it also poses new challenges to network security and intrusion detection systems. Increasingly complex network system structures, widely used distributed application environments, and mass storage and high-bandwidth transmission technologies leave traditional intrusion detection less and less able to satisfy the security requirements of the system [1].
In this case, new intrusion detection methods need to be put forward from many aspects, such as system model, architecture, and implementation technology, to adapt to increasingly complex network security event monitoring requirements [2]. By using continuous queries and the sliding window model, a data stream management platform supports real-time query and analysis of high-speed network data flows. A network security event monitoring system based on a data stream management platform has an accurate, concise, and complete interface language with powerful expressive ability; it can integrate functions such as rule-based IDS detection of various network attacks, worm discovery, and network status monitoring, and has good scalability.

Overview of data stream technology

Database technology has been a brilliant success over the past few decades and has produced many successful systems and applications, changing to a great extent the way people work and live. But at the end of the 20th century, new applications appeared that brought a new data type and posed a powerful challenge to traditional database technology. This new application mode is called the data stream model; typical application scenarios include: network monitoring and traffic control, sensor
