Research on Network Security Situation Awareness System Architecture Based on Multi-source Heterogeneous Sensors

Combined with the large-scale network security monitor application requirements,network security situation awareness system(NSSAS) architecture based on multi-sensors was studied with using the idea of 'distributed acquisition,multi-domain processing',and then the corresponding ring physical architecture and hierarchical conceptual model of NSSAS were put forward.The architecture of NSSAS is composed of three levels,including information acquisition level,element extraction level and situation decision-making level from bottom to top successively.The modules of every level were designed in detail,and the solution of multi-source heterogeneous security information XML format was given.The NSSAS architecture based on multi-sensors is an open and extensible ring architecture that can reduce system implementation complexity and avoid single-point failure problem.At the same time,it can clearly describe the relationship among levels and components,and guide the development of engineering practice and key technologies.