A Correlation Analysis Method for Network Security Events

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 206)

Abstract

In order to solve the issues that there are high false alarms and missed alarm rate existing in single network security equipment, this paper proposed alert events correlation algorithm based on attributes similarity, which is the application of clustering algorithm, with measuring the similarity of properties. In accordance with the character of different clustering methods, this method achieves the correlation for the alarm event.

Keywords

Correlation analysis Network security Similarity Attributes similarity correlation 

References

  1. 1.
    Yong W, Huihua Y, et al (2004) Distributed intrusion detection system based on data fusion method. Proceedings of the 5th world congress on intelligence control and automation, vol 25. Hangzhou, China, pp 256–257Google Scholar
  2. 2.
    Wenhui X, Kaiyong ZB, Wang B (2010) On network security event correlation analysis and active response mechanism. Comp Appl Softw 4:25–26Google Scholar
  3. 3.
    Kruegel C, Robertson W (2004) Alert verification: determining the success of intrusion attempts. Proc First Workshop Detect Intrusions Malware Vulnerability Assess 4:378–395Google Scholar
  4. 4.
    Jian G, Haibin M, Yong D, Dehao W (2005) Multi-feature correlation redundance elimination of intrusion event. J Southeast Univ (Nat Sci Edition) 03:56–58Google Scholar
  5. 5.
    Wei L (2008) Knowledge representation and correlation analysis of the security incidents in a complex Network. Environment 12:54–59Google Scholar
  6. 6.
    Zheng-ping H, Feng-juan C, Rong-sheng X (2006) Research and application of network security information correlation technology. Appl Res Comp 54:10–14Google Scholar
  7. 7.
    Julisch K (2003) Clustering intrusion detection alarm’s to support root cause analysis. ACM Trans Inf Syst Sec 6(4):443–471Google Scholar
  8. 8.
    Xiang Z, Chang-zhen H, Wei Y (2007) Research of network threat analysis technique based on event correlation. Comp Eng Appl 524:04Google Scholar

Copyright information

© Springer-Verlag London 2013

Authors and Affiliations

  1. 1.Jiaxing Vocational and Technical CollegeJiaxingChina

Personalised recommendations