Abstract

Security devices that produce large volumes of logs and alerts are now deployed widely, and analysing and acting on that information is a troublesome, time-consuming task for network managers. This paper presents an improved alert aggregation method based on grey correlation and attribute similarity. Grey correlation analysis is used to ascertain the importance of each alert attribute to network security, and that importance is taken as the attribute's weight. The weights are then combined with the attribute similarity method to calculate an overall feature similarity, on which alert aggregation is based. Experimental results show that the method has a rigorous mathematical basis and high practical value: it effectively reduces the number of raw alerts and removes redundancy before alert data fusion.

Highlights

  • With the development of computer technology, people's daily activities, including study, work and entertainment, depend ever more closely on the network

  • Data fusion technology, applied in a large-scale network environment to collect and integrate the security status data of heterogeneous multi-sensor networks, enables comprehensive monitoring of large-scale networks: grasping the network situation and monitoring network security status in real time

  • Drawing on the theory of network correlation and the characteristics of network traffic, this paper proposes an improved attribute similarity method for security event correlation analysis


Summary

INTRODUCTION

With the development of computer technology, people's daily activities, including study, work and entertainment, depend ever more closely on the network. Drawing on the theory of network correlation and the characteristics of network traffic, this paper proposes an improved attribute similarity method for security event correlation analysis. The attribute similarity method rests on clustering: events that satisfy a given degree of similarity are aggregated and classified together, which removes redundant or duplicate alerts and improves the efficiency with which network administrators analyse them. Weights defined by experts cannot extract correlation information from alerts that carry fewer attributes, and this distorts the evaluation result. In this paper we instead use grey correlation analysis to quantify the importance of the main factors that affect the network, and normalise those values to serve as the attribute weights.
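The pipeline the abstract and introduction describe (grey correlation to obtain attribute weights, then a weighted attribute similarity that drives clustering) is shown below as an added example; it is not the paper's own code. The grey relational grade follows Deng's standard formulation with distinguishing coefficient 0.5. Everything else is an assumption made for the demo: the recurrence-count encoding used as each attribute's comparison sequence, severity as the reference sequence, the per-attribute similarity functions, the 60-second window, the 0.85 aggregation threshold, and the six constructed alerts.

```python
"""Added example, not the paper's implementation: grey relational analysis
(GRA) weights the alert attributes, then a weighted attribute similarity
aggregates near-duplicate alerts. Encodings, similarity functions, threshold
and the sample batch are assumptions constructed for this demo."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: float        # seconds since the start of the batch
    src: str
    dst: str
    dport: int
    sig: str
    severity: float  # constructed label; used as the GRA reference sequence


WINDOW = 60.0  # assumed time window (seconds) for the timestamp similarity


def normalise(seq: list[float]) -> list[float]:
    lo, hi = min(seq), max(seq)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in seq]


def grey_relational_grades(reference: list[float],
                           comparisons: dict[str, list[float]],
                           rho: float = 0.5) -> dict[str, float]:
    """Deng's grey relational grade of each comparison sequence against the
    reference sequence; rho is the distinguishing coefficient (0.5 is usual)."""
    x0 = normalise(reference)
    deltas = {k: [abs(a - b) for a, b in zip(x0, normalise(v))]
              for k, v in comparisons.items()}
    flat = [d for ds in deltas.values() for d in ds]
    dmin, dmax = min(flat), max(flat)
    if dmax == 0:  # every sequence coincides with the reference
        return {k: 1.0 for k in comparisons}
    return {k: sum((dmin + rho * dmax) / (d + rho * dmax) for d in ds) / len(ds)
            for k, ds in deltas.items()}


def attribute_weights(alerts: list[Alert]) -> dict[str, float]:
    """Encode each attribute as its recurrence count in the batch (for ts: the
    number of alerts within WINDOW), relate the encodings to severity by GRA and
    normalise the grades to weights summing to 1. The encoding is a constructed
    stand-in for the factor measurements a real deployment would feed in."""
    def recur(key):
        vals = [key(a) for a in alerts]
        return [float(vals.count(v)) for v in vals]
    comparisons = {
        "src": recur(lambda a: a.src),
        "dst": recur(lambda a: a.dst),
        "dport": recur(lambda a: a.dport),
        "sig": recur(lambda a: a.sig),
        "ts": [float(sum(abs(b.ts - a.ts) <= WINDOW for b in alerts)) for a in alerts],
    }
    grades = grey_relational_grades([a.severity for a in alerts], comparisons)
    total = sum(grades.values())
    return {k: g / total for k, g in grades.items()}


def ip_sim(a: str, b: str) -> float:
    """Fraction of leading octets shared, so two hosts in one /24 score 0.75."""
    oa, ob = a.split("."), b.split(".")
    n = 0
    while n < 4 and oa[n] == ob[n]:
        n += 1
    return n / 4


def time_sim(a: float, b: float) -> float:
    return max(0.0, 1.0 - abs(a - b) / WINDOW)


def overall_similarity(a: Alert, b: Alert, w: dict[str, float]) -> float:
    """Weighted sum of the per-attribute similarities (weights sum to 1)."""
    sims = {
        "src": ip_sim(a.src, b.src),
        "dst": ip_sim(a.dst, b.dst),
        "dport": 1.0 if a.dport == b.dport else 0.0,
        "sig": 1.0 if a.sig == b.sig else 0.0,
        "ts": time_sim(a.ts, b.ts),
    }
    return sum(w[k] * sims[k] for k in w)


def aggregate(alerts: list[Alert], threshold: float = 0.85) -> list[list[Alert]]:
    """Greedy aggregation: an alert joins the first cluster whose representative
    (the cluster's first member) is at least `threshold` similar, else starts one."""
    w = attribute_weights(alerts)
    clusters: list[list[Alert]] = []
    for alert in alerts:
        for cl in clusters:
            if overall_similarity(alert, cl[0], w) >= threshold:
                cl.append(alert)
                break
        else:
            clusters.append([alert])
    return clusters


# Constructed sample batch: an SSH brute-force burst, one SMB probe from the
# same source, and a repeated SQL injection alert from a second source.
SAMPLE = [
    Alert(0, "10.0.0.5", "192.168.1.10", 22, "SSH brute force", 3),
    Alert(5, "10.0.0.5", "192.168.1.10", 22, "SSH brute force", 3),
    Alert(12, "10.0.0.5", "192.168.1.10", 22, "SSH brute force", 3),
    Alert(30, "10.0.0.5", "192.168.1.10", 445, "SMB scan", 2),
    Alert(100, "172.16.4.9", "192.168.1.20", 80, "SQL injection", 5),
    Alert(103, "172.16.4.9", "192.168.1.20", 80, "SQL injection", 5),
]
```

Calling `aggregate(SAMPLE)` folds the six raw alerts into three groups: the three brute-force alerts, the SMB probe on its own, and the two SQL injection alerts. Because every grey relational coefficient lies in [1/3, 1] when rho is 0.5, no single attribute can take more than 3/7 of the total weight, which is why a timestamp gap inside the window cannot by itself push two otherwise identical alerts below the 0.85 threshold, and why sharing only source and destination with a different port and signature cannot reach it. In a deployment, the first-member representative used here would be replaced by whichever merge rule the aggregation layer already defines.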

RELATED WORKS AND THEORIES
Research on Attribute Similarity and Weight Determination Methods
Theory of Grey Relational Analysis
ALERT AGGREGATION METHOD
Grey Correlation to Determine the Attribute Weights
Attribute Similarity Definition and Calculation Function
Attribute Weight Calculation
Analysis of the Alert Aggregation Effect
CONCLUSION
