Conference Topic

Applying an Integrated Approach of Data Fusion and Data Mining to Event Correlation for Network Security

With network users' increasing requirements for intelligent security management, unified network security management has become a new trend. A unified network security management system can realize centralized monitoring, uniform policy management, intelligent audit and interaction among various security function modules. In this way, it simplifies the task of network security management, improves the security level, controllability and manageability of the network, and reduces users' overall spending on security management. Against this background, this paper discusses event correlation, which is a key functionality of unified network security management. An integrated approach of data fusion and data mining is then introduced to event correlation, since data mining produces patterns (attack scenario signatures) for data fusion while data fusion provides correlated data for data mining. Based on this integrated approach, a general event correlation framework is proposed in the paper. The framework makes full use of data fusion and data mining in order to drive a beneficial cycle of event correlation for unified network security management. Some implementation issues are also presented for further kernel implementation, in order to make event correlation exact, optimal and timely enough for unified network security management.

Network security; unified management; event correlation; data fusion; data mining

XU Hui, LIU Ziheng, BAI Yu, XIAO Debao

Department of Computer Science and Technology, HuaZhong Normal University, Wuhan 430079, China; Department of Information Technology, HuaZhong Normal University, Wuhan 430079, China; Department of Information Management, HuaZhong Normal University, Wuhan 430079, China

International conference

The Second International Conference on New Computer Technology and Education (Proceedings of the Second International Conference on Computer Science & Education, ICCSE2007)

Wuhan

English

1309-1314

2007-07-25 (date first posted online on the Wanfang platform; this does not represent the paper's publication date)