Conference topic

The Design of a Correlation Analysis Engine Model Based on Carma_VE Algorithm

The SOC (Security Operation Center) is the core platform of a safety management system, and the correlation analysis engine is the core of the SOC. This paper designs a correlation analysis engine model. The engine can not only effectively eliminate or reduce duplicate and redundant alerts, but also quickly discover the attack tactics hidden in the huge number of alerts generated by multi-step attacks. Based on the engine, the Carma_VE algorithm is presented to generate association rules automatically. Compared with the Carma algorithm, the Carma_VE algorithm is more efficient with a smaller training set.

Zhaoyang Qu, Lei Wang

School of Information Engineering, Northeast Dianli University, Jilin, 132012, China

International conference

2009 IEEE International Symposium on IT in Medicine & Education (IEEE International Conference on IT in Education and Medicine)

Jinan

English

1267-1270

2009-08-14 (date first made available online on the Wanfang platform; not the paper's publication date)