A Correlation Analysis Method for Network Security Events

Wei, He

doi:10.1007/978-1-4471-4790-9_35

He Wei⁴

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 206))

782 Accesses
2 Citations

Abstract

In order to solve the issues that there are high false alarms and missed alarm rate existing in single network security equipment, this paper proposed alert events correlation algorithm based on attributes similarity, which is the application of clustering algorithm, with measuring the similarity of properties. In accordance with the character of different clustering methods, this method achieves the correlation for the alarm event.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Hardcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Yong W, Huihua Y, et al (2004) Distributed intrusion detection system based on data fusion method. Proceedings of the 5th world congress on intelligence control and automation, vol 25. Hangzhou, China, pp 256–257
Google Scholar
Wenhui X, Kaiyong ZB, Wang B (2010) On network security event correlation analysis and active response mechanism. Comp Appl Softw 4:25–26
Google Scholar
Kruegel C, Robertson W (2004) Alert verification: determining the success of intrusion attempts. Proc First Workshop Detect Intrusions Malware Vulnerability Assess 4:378–395
Google Scholar
Jian G, Haibin M, Yong D, Dehao W (2005) Multi-feature correlation redundance elimination of intrusion event. J Southeast Univ (Nat Sci Edition) 03:56–58
Google Scholar
Wei L (2008) Knowledge representation and correlation analysis of the security incidents in a complex Network. Environment 12:54–59
Google Scholar
Zheng-ping H, Feng-juan C, Rong-sheng X (2006) Research and application of network security information correlation technology. Appl Res Comp 54:10–14
Google Scholar
Julisch K (2003) Clustering intrusion detection alarm’s to support root cause analysis. ACM Trans Inf Syst Sec 6(4):443–471
Google Scholar
Xiang Z, Chang-zhen H, Wei Y (2007) Research of network threat analysis technique based on event correlation. Comp Eng Appl 524:04
Google Scholar

Download references

Author information

Authors and Affiliations

Jiaxing Vocational and Technical College, Jiaxing, 314036, Zhejiang, China
He Wei

Authors

He Wei
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to He Wei .

Editor information

Editors and Affiliations

College of Elementary Education, Chongqing Normal University, Chongqing, China, People's Republic
Wenjiang Du

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Wei, H. (2013). A Correlation Analysis Method for Network Security Events. In: Du, W. (eds) Informatics and Management Science III. Lecture Notes in Electrical Engineering, vol 206. Springer, London. https://doi.org/10.1007/978-1-4471-4790-9_35

Download citation

DOI: https://doi.org/10.1007/978-1-4471-4790-9_35
Published: 25 November 2012
Publisher Name: Springer, London
Print ISBN: 978-1-4471-4789-3
Online ISBN: 978-1-4471-4790-9
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics