Large-scale distributed network safety data acquisition method and system

Abstract

The invention relates to a large-scale distributed network safety data acquisition method and system. The method comprises the steps of multimode data acquisition, data analysis and standardization and data distribution and transmission. The system comprises an acquisition agent module, a data acquisition module, a data analysis module and a data distribution and transmission module. With respect to data acquisition, multiple modes such as an active mode, a passive mode and a data stream mirror image mode are adopted, and comprehensive acquisition of various types of data is realized; with respect to data analysis, a data analysis and standardization mechanism based on strategies is adopted, original data are extracted, mapped, replaced, supplemented and the like by means of writing analysis strategies, and therefore quick analysis of a newly added data format and data standardization oriented to multiple application systems are realized; with respect to transmission, the multi-stage connection technology and the multi-path distribution technology are adopted, elastic combination, cascading deployment and multi-path distribution between acquisition systems are realized, and the requirements for vertical and horizontal expansion of a network environment and acquisition of mass data information are met.

Description

technical field [0001] The invention belongs to the field of network security management, and relates to a large-scale distributed network security data collection method and system. Background technique [0002] Data collection is a prerequisite for network security management and operation and maintenance. The data acquisition tool realizes the comprehensive collection, analysis, cleaning and standardization of security events, log information, operating status, system configuration, security policies, etc. generated by various software and hardware resources in the network system, and transforms them into identifiable and manageable , exchangeable, and shareable useful data. [0003] At present, in the field of network security management, there are already a variety of data collection tools, which can effectively solve the data collection and cleaning tasks in certain specific environments. However, with the continuous improvement of informatization, a large number of i...

AI Technical Summary

Problems solved by technology

[0003] At present, in the field of network security management, there are already a variety of data collection tools, which can effectively solve the data collection and cleaning tasks in certain specific environments. However, with the continuous improvement of informatization, a large number of information systems and advanced The large-scale deployment and use of information technology poses severe challenges to security management. At the same time, it also puts forward new requirements for data collection technology: First, it supports diversified collection methods. In a network system, a set of data collection tools is used to realize Comprehensive collection of different network security data, rather than deploying multiple sets of collection tools to meet the collection requirements of different data sources; the second is to support the rapid analysis of multi-source, heterogeneous data and multi-standard data reconstruction capabilities

Traditional data collection tools can only analyze data sources in one or several specific formats. For new data formats, secondary custom development is often required, and it does not support the construction of different data standards for different upper-level application systems. requirements, which cannot meet the needs of security management for rapid deployment and dynamic changes of informatization

Images