The analysis of event correlation in security operations center
Many security events occur in computer networks, and most of them are not isolated. In other words, there are many relationships among the events, called redundancy relationships or causality. Since the events are massive, correlation analysis is very important. This paper analyzes current event correlation algorithms and proposes a security event correlation method. The method first unifies and sorts the security events from different security devices, then merges security events by similarity, and finally extracts correlation rules among security events using data mining. It can decrease the number of alerts, reduce false alerts and discover high-level attack strategies.
Keywords: Security Operations Center; Correlation Analysis; Similarity; Correlation Rules
Deyang Zhang, Dedong Zhang
Deyang Zhang: School of Information and Electronic Engineering, Hebei University of Engineering, Handan, China; Dedong Zhang: School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing
Type: International conference
Venue: Shenzhen
Language: English
Pages: 1214-1216
2011-03-28 (date first posted online on the Wanfang platform, not the publication date of the paper)