A Correlation Analysis Method for Network Security Events
He Wei
Abstract In order to solve the problems of high false-alarm and missed-alarm rates in a single network security device, this paper proposes an alert event correlation algorithm based on attribute similarity. It applies a clustering algorithm that measures the similarity of attributes and, in accordance with the characteristics of different clustering methods, achieves correlation of the alarm events.

Keywords Correlation analysis · Similarity correlation · Network security · Similarity · Attributes
H. Wei, Jiaxing Vocational and Technical College, Jiaxing 314036, Zhejiang, China. e-mail: [email protected]

W. Du (ed.), Informatics and Management Science III, Lecture Notes in Electrical Engineering 206, DOI: 10.1007/978-1-4471-4790-9_35, © Springer-Verlag London 2013

35.1 Introduction

With the rapid development of computer and internet technologies, network applications are growing and strengthening [1]. The internet has brought us great convenience. A secure network has become the foundation of a country's political, economic and military security, and has a major impact on people's lives and on commerce [2, 3]. At the same time, network security has become more and more sensitive and important. The internet is suffering from a growing number of security threats. At present, attack techniques are characterised by complexity, covertness and distribution, and firewall technology, intrusion detection systems and vulnerability scanning technology have been used to discover and resist attacks [4]. Yet most security devices not only generate massive numbers of duplicate alarms, but also have difficulty providing the correlation between different alarms [5, 6]. Network security management faces three major issues: the huge amount of security alert data, redundancy and false positives. So it is necessary to apply alert correlation methods to correlate these data, mine the essential relationships between alerts and discover latent attack intentions effectively [7]. This paper proposes an alert event correlation algorithm based on attribute similarity to address the high false-alarm and missed-alarm rates of a single network security device. The algorithm applies clustering: by measuring the similarity of attributes we decide the clusters, and we also design an algorithm to measure the similarity between a new event and an entire cluster [8]. Finally, we put forward an event correlation model based on the event correlation algorithm.
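The attribute-similarity clustering sketched above, as an added example that is not from the paper: alerts are compared attribute by attribute (shared IPv4 prefix for addresses, exact match otherwise), a new event is compared with a whole cluster by its mean similarity to the members, and each alert joins the best-matching cluster above a threshold or starts a new one, which collapses duplicate alarms into a few correlated groups. The weights, similarity measures, threshold and sample alerts are all assumptions of this example.

```python
# Added example (not the paper's code): alert correlation by weighted attribute similarity.
# The similarity measures, weights, threshold and sample alerts are assumptions.

# Assumed per-attribute weights; they sum to 1 so a similarity score lies in [0, 1].
ATTR_WEIGHTS = {"src_ip": 0.35, "dst_ip": 0.25, "dst_port": 0.15, "signature": 0.25}

def ip_similarity(a: str, b: str) -> float:
    # Fraction of leading IPv4 octets shared (assumed measure for address attributes).
    common = 0
    for x, y in zip(a.split("."), b.split(".")):
        if x != y:
            break
        common += 1
    return common / 4

def alert_similarity(a: dict, b: dict) -> float:
    # Weighted sum of per-attribute similarities: prefix match for IPs, exact match otherwise.
    total = 0.0
    for attr, weight in ATTR_WEIGHTS.items():
        same = ip_similarity(a[attr], b[attr]) if attr.endswith("_ip") else float(a[attr] == b[attr])
        total += weight * same
    return total

def cluster_similarity(alert: dict, cluster: list) -> float:
    # Similarity of a new event to the whole cluster: mean over its members (assumed).
    return sum(alert_similarity(alert, m) for m in cluster) / len(cluster)

def correlate(alerts: list, threshold: float = 0.7) -> list:
    # Single pass: each alert joins the most similar cluster above threshold, else starts one.
    clusters = []
    for alert in alerts:
        best, best_sim = None, 0.0
        for cluster in clusters:
            sim = cluster_similarity(alert, cluster)
            if sim > best_sim:
                best, best_sim = cluster, sim
        if best is not None and best_sim >= threshold:
            best.append(alert)
        else:
            clusters.append([alert])
    return clusters

# Constructed sample alerts (not real data): three alarms from one scan, two from another.
SAMPLE_ALERTS = [
    {"src_ip": "10.0.0.5", "dst_ip": "192.168.1.10", "dst_port": 22, "signature": "ssh-bruteforce"},
    {"src_ip": "10.0.0.5", "dst_ip": "192.168.1.10", "dst_port": 22, "signature": "ssh-bruteforce"},
    {"src_ip": "10.0.0.5", "dst_ip": "192.168.1.11", "dst_port": 22, "signature": "ssh-bruteforce"},
    {"src_ip": "172.16.4.2", "dst_ip": "192.168.1.10", "dst_port": 80, "signature": "sqli-attempt"},
    {"src_ip": "172.16.4.2", "dst_ip": "192.168.1.10", "dst_port": 80, "signature": "sqli-attempt"},
]
```

Running `correlate(SAMPLE_ALERTS)` reduces the five alarms to two clusters of three and two alerts; the threshold trades off redundancy removal against the risk of merging unrelated alarms.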
35.2 The Status of Network Security

35.2.1 Security Threat Becoming More Serious

With the construction of network infrastructure and the penetration of the Internet, network security threats are becoming more serious. The damage caused by security threats shows an increasing trend. Endless attacks occur everywhere on the internet and become worse and worse. 2) with the