Information Security Monitoring System based on Data Mining
Heterogeneous security equipment such as firewalls, intrusion detection systems, and anti-virus gateways can produce massive numbers of security events that are difficult to manage efficiently. A log-mining-based, distributed, multi-protocol framework for a security monitoring system is therefore proposed. This paper describes the architecture of the information security monitoring system, focuses on the correlation analysis engine, and describes how the detection model is built using data mining techniques. Security event correlation based on data mining analysis can automatically extract association rules, analyze alarms, and find new intrusion models, so it is a highly intelligent solution.
data mining; security event; security monitoring
Lv Guangjuan, Xu Ruzhi, Zu Xiangrong, Deng Liwu
School of Computer Science & Technology, North China Electric Power University, Beijing, China; School of Computer Science & Technology, North China Electric Power University, Beijing, China
International conference
The Fifth International Conference on Information Assurance and Security
Xi'an
English
472-475
2009-08-18 (date first posted online on the Wanfang platform; does not represent the paper's publication date)