基于图数据库的系统日志图谱模型构建与分析  被引量：1

作　　者：郑中一 李赛飞[2] 江晓峰 ZHENG Zhongyi;LI Saifei;JIANG Xiaofeng(School of Computing&Artificial Intelligence,Southwest Jiaotong University,Chengdu Sichuan 611756,China;School of Information Science&Technology,Southwest Jiaotong University,Chengdu Sichuan 611756,China)

机构地区：[1]西南交通大学计算机与人工智能学院,四川成都611756 [2]西南交通大学信息科学与技术学院,四川成都611756

出　　处：《信息安全与通信保密》2023年第6期110-121,共12页Information Security and Communications Privacy

基　　金：四川省科技计划项目(No.2021YJ0372);四川省重大科技专项项目(No.2019ZDZX0007,No.2021YFQ0056);保密通信重点实验室基金项目(No.61421030201022108)。

摘　　要：在网络安全领域,日志分析技术可以帮助安全专家和系统管理员实时监测网络中的异常行为、检测漏洞和攻击行为、提高系统安全性和保护企业的数据资产。针对传统日志分析信息维度单一与对事件关联能力不足的问题,提出一种基于图数据库的系统日志图谱模型。首先,基于通用网络安全知识图谱模型设计引入网络安全知识、系统环境数据和威胁情报3个维度的背景知识;其次,剖析系统日志内部的多种关联关系,将日志转化为图结构并与多维数据融合以构建图谱模型;最后,使用基于广度优先搜索的图遍历算法在模型中进行实验。实验结果表明,所构建的图谱模型能够有效实现对多维数据的集成和关联,并具备优秀的搜索与查询性能。In the field of cyber security,log analysis technology can help security experts and system administrators monitor abnormal behaviors,detect vulnerabilities and attacks,improve system security and protect enterprise data assets in real-time.To address the issues of single information dimension and insufficient event correlation capability in conventional log analysis,a syslog graph model based on graph database is proposed.First,based on the general cyber security knowledge graph model,three dimensions of background knowledge,namely cyber security knowledge,system environment data and cyber threat intelligence,are designed and introduced.Then,the internal relationships of the syslogs are analyzed,and the logs are transformed into graph structures and integrated with multi-dimensional data to build a graph model.Finally,graph traversal algorithm based on breadth-first search is used to construct experiments in the model.The experimental results indicate that the graph model built can effectively integrate and correlate multi-dimensional data,and has excellent search and query performance.

关 键 词：网络安全 日志分析 图谱构建 事件关联 图数据库 

分 类 号：TP391.1[自动化与计算机技术—计算机应用技术]