The Security Operations Center Based on Correlation Analysis
With the development of information technology, network threats are becoming more rampant by the day. To protect their networks, companies and organizations have deployed a variety of network security products, such as IDS (intrusion detection systems), firewalls, VPNs and AVS (anti-virus systems). Because these products lack a data exchange mechanism, they cannot share security information with each other, which results in a large volume of alarm messages and false alarms. In this case, a platform or system is needed to solve the problem. A security operations center can collect and manage these security events and analyze the related information; it can reduce false positives and false negatives and improve the security of the network system. In this paper, we do some research on event correlation analysis, introduce the process of the analysis and the method of rule extraction, and then introduce the system architecture of the security operations center.
Network security; Correlation analysis; Rule extraction
Shuhong Yuan, Chijia Zou
Information Center, Zhejiang University, Hangzhou, China
International conference
Xi'an
English
859-862
2011-05-27 (date the paper was first posted on the Wanfang platform, not the date of publication)