Title :
The design of a correlation analysis engine model based on Carma_VE algorithm
Author :
Qu, Zhaoyang ; Wang, Lei
Author_Institution :
Sch. of Inf. Eng., Northeast Dianli Univ., Jilin, China
Abstract :
An SOC (security operation center) is the core platform of a safety management system, and the correlation analysis engine is the core of the SOC. This paper designs a correlation analysis engine model. The engine not only effectively eliminates or reduces duplicate and redundant alerts, but also quickly discovers the attack tactics hidden in the huge volume of alerts generated by multi-step attacks. Based on this engine, the Carma_VE algorithm is presented in order to generate association rules automatically. Compared with the Carma algorithm, the Carma_VE algorithm is more efficient on smaller training sets.
Keywords :
correlation methods; data mining; learning (artificial intelligence); safety; security of data; Carma_VE algorithm; SOC; automatic association rule generation; correlation analysis engine model design; data security; duplicate alert elimination; hidden attack tactics discovery; multistep attack; redundant alert elimination; safety management system; security operation center; training set; Algorithm design and analysis; Association rules; Data mining; Data security; Educational technology; Engines; Filtering; Information analysis; Merging; Standardization;
Conference_Title :
IT in Medicine & Education, 2009. ITIME '09. IEEE International Symposium on
Conference_Location :
Jinan
Print_ISBN :
978-1-4244-3928-7
Electronic_ISBN :
978-1-4244-3930-0
DOI :
10.1109/ITIME.2009.5236294