• Publication of the China Computer Federation
  • China Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2013, Vol. 35 ›› Issue (3): 72-79.


HS-StreamCube: A real-time multidimensional analysis system for network security event streams

GAN Liang1,2, LI Runheng1, JIA Yan1, LIU Jian3

  1. School of Computer Science, National University of Defense Technology, Changsha 410073, Hunan, China; 2. The Second Artillery Command College, Wuhan 430012, Hubei, China; 3. Troop 96167, Yongan 366000, Fujian, China
  • Received: 2010-09-04 Revised: 2010-12-15 Online: 2013-03-25 Published: 2013-03-25
  • Funding:

    National 863 Program projects (2006AA01Z451, 2007AA01Z474, 2007AA010502)

HS-streamCube:Realtime multidimensional
analysis system on network security event stream  

GAN Liang1,2, LI Runheng1, JIA Yan1, LIU Jian3

  1. School of Computer Science, National University of Defense Technology, Changsha 410073; 2. The Second Artillery Command College, Wuhan 430012; 3. Troop 96167, Yongan 366000, China
  • Received: 2010-09-04 Revised: 2010-12-15 Online: 2013-03-25 Published: 2013-03-25

Abstract (translated from the Chinese):

In large-scale network security monitoring applications, decision makers apply data stream online analytical processing (Stream OLAP) to build a stream data cube (Stream Cube) over the network security event stream and analyse it in real time, in order to understand the current network security status and to dynamically assess the current network security situation. Because memory capacity is limited, a Stream Cube attends only to the data within the current time window; expired data outside the window is either stored approximately or simply discarded, so queries over large time windows that extend beyond the current window are not supported. To address this deficiency, this paper proposes HS-StreamCube, a real-time multidimensional, multilevel analysis framework for security event streams, which uses a two-tier hybrid storage model (memory and external storage) to support exact queries over arbitrary time windows. Based on the characteristics of data streams, it then focuses on the model, construction, storage management and querying of HS-StreamCube under the two-tier hybrid storage model. Finally, experiments verify the usability and efficiency of the system.

Keywords: stream cube, network security event, hybrid storage, online analytical processing (OLAP)

Abstract:

In the applications of largescale network security monitoring,data stream of security events is analysised realtimely to acquire the characteristic of current security in the network and to assess dynamically the current security situation with Stream OLAP by building Stream Cube.Because of the limited memory capacity, Stream Cube only concerned about the current data within the time window,but expired data is stored approximately or simply discarded,so it do not support the query with time beyond the scope of current time window.We propose a realtime StreamCubebased multidimensional and multilevel analysis framework on security event stream, Hybrid StorageStreamCube,which is implemented by a twotier (memory and disk) storage model.On the basis of characteristics of data stream,we focus on the modeling,building,storing and querying of HSStreamCube within the twotier storage model.Efficient experiments verify the availability and efficiency of the system.   

Key words: stream cube; network security event; hybrid storage; OLAP