The Study of Network Security Event Correlation Analysis Based on Similar Degree of the Attributes

Author

Shuying Zhang ; Yue Gao ; Mengqun Zhang ; Jianmei Ge ; Shuangli Wang

Author_Institution

Coll. of Comput. Sci. & Technol., Beihua Univ., Jilin, China

fYear

2013

fDate

29-30 June 2013

Firstpage

1565

Lastpage

1569

Abstract

This paper studied the related theories of the network security event correlation analysis methods, and proposed the network security event correlation analysis method based on similar degree of the attributes. a detailed description and analysis of the method is gived in this paper, the method can realize the classification and merge of network security events according to the attributes similar degree of network security events. The similar degree of security events are identified by the similar degrees of characteristic attributes. It can not only remove redundant safety incidents, but also can compress security event number. Thus, it can effectively improve the network administrator´s security incident analysis efficiency. The experimental results show that: the method is suitable for the massive security event information analysis and aggregation, can effectively reduce the number of security incidents, has a certain value.

Keywords

IP networks; computer network security; correlation methods; attribute similar degree; characteristic attributes; network administrator security incident analysis efficiency; network security event correlation analysis methods; network security event merging; redundant safety incidents; security event information aggregation; security event information analysis; Automation; Manufacturing; Correlation Analysis; Network Security; Security Events; Similar Degree;

fLanguage

English

Publisher

ieee

Conference_Titel

Digital Manufacturing and Automation (ICDMA), 2013 Fourth International Conference on

Conference_Location

Qingdao

Type

conf

DOI

10.1109/ICDMA.2013.375

Filename

6598299