Acquisition and Visualization of Sensitive Security Audit Events
Audit data analysis plays a critical role in the field of information security. Acquiring sensitive security audit events (SSAE) and visualizing the correlations among them is an important task of audit data analysis, and it is a very difficult problem. In this paper, we propose an approach to acquire SSAE and present their correlations in the form of graphs. First, we use DWT (discrete wavelet transformation) to obtain sensitive security audit event objects, and then use DBSCAN (a clustering algorithm of KDD) and database query techniques to obtain the SSAE related to the sensitive objects. Second, a security audit event visualization model based on the theory of Colored Petri nets is presented to visualize correlations of SSAE, and the process for acquiring causal relationships among audit events is given. Lastly, we carry out an experiment, which shows that the proposed approach makes browsing and analysing audit data more convenient for the security auditor.
Baoyun Wang, Yingjie Yang
Institute of Electronic Technology, Information Engineering University, Zhengzhou, Henan Province, 450004, China
International conference
2008 IEEE International Conference on Information and Automation
Zhangjiajie
English
1514-1519
2008-06-20 (date first posted online on the Wanfang platform; this is not the paper's publication date)