Abstract
Network Security Intelligent Centralized Management is a basic solution for integrating network security devices so that they operate as a coordinated team and for efficiently handling the large volume of security events produced by the many applications on a network. In this paper, we introduce an intelligent agent-oriented Network Security Intelligent Centralized Management System and describe its system model, its mechanism, its hierarchy of security events, its data flow diagram, the filtering, transaction and normalization of security events, the clustering and merging algorithm, and the correlation algorithm. The experiment shows that the system can significantly reduce false positives and improve the quality of security events. It makes it easier for security administrators to integrate security devices and to deal with large volumes of security events.
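The abstract names three processing stages (filtering and normalization, clustering and merging, correlation) without giving their details. The following added example, which is not the paper's own code and does not reproduce its algorithms, shows one plain way to implement those stages so the volume reduction they aim at becomes concrete. The two log formats ("FW" and "IDS" lines), the sample events, the severity scale and the time windows are all constructed for this illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input: raw lines from two hypothetical sensors, a packet
# filter ("FW") and an intrusion detector ("IDS"), each with its own format.
RAW_EVENTS = [
    "2007-03-01T10:00:01 FW action=deny src=10.0.0.5 dst=10.0.1.7 proto=tcp dport=445",
    "2007-03-01T10:00:02 FW action=deny src=10.0.0.5 dst=10.0.1.7 proto=tcp dport=445",
    '2007-03-01T10:00:03 IDS sig=2001 10.0.0.5 -> 10.0.1.7 msg="SMB probe"',
    "2007-03-01T10:00:04 FW action=deny src=10.0.0.5 dst=10.0.1.7 proto=tcp dport=445",
    '2007-03-01T10:00:40 IDS sig=2001 10.0.0.5 -> 10.0.1.7 msg="SMB probe"',
    "2007-03-01T10:03:00 FW action=deny src=10.0.0.5 dst=10.0.1.7 proto=tcp dport=445",
    "2007-03-01T10:03:05 FW action=allow src=10.0.0.9 dst=10.0.1.7 proto=tcp dport=80",
]


@dataclass
class Event:
    """Device-independent (normalized) representation of one security event."""
    ts: datetime
    sensor: str
    src: str
    dst: str
    signature: str  # what was observed, expressed the same way for every sensor
    severity: int   # hypothetical scale: 0 = informational, higher = more serious


# Hypothetical formats of the two sensors.
FW_RE = re.compile(r"^(?P<ts>\S+) FW action=(?P<action>\w+) src=(?P<src>\S+) "
                   r"dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$")
IDS_RE = re.compile(r'^(?P<ts>\S+) IDS sig=(?P<sig>\d+) (?P<src>\S+) -> (?P<dst>\S+) '
                    r'msg="(?P<msg>[^"]*)"$')


def normalize(line: str) -> Optional[Event]:
    """Map a raw line into the common schema; unknown formats yield None."""
    m = FW_RE.match(line)
    if m:
        sig = f"fw:{m['action']}:{m['proto']}/{m['dport']}"
        sev = 2 if m["action"] == "deny" else 0
        return Event(datetime.fromisoformat(m["ts"]), "FW", m["src"], m["dst"], sig, sev)
    m = IDS_RE.match(line)
    if m:
        sig = f"ids:{m['sig']}:{m['msg']}"
        return Event(datetime.fromisoformat(m["ts"]), "IDS", m["src"], m["dst"], sig, 3)
    return None


@dataclass
class MergedEvent:
    """One cluster of repeated events: same (src, dst, signature) within a window."""
    key: Tuple[str, str, str]
    first_seen: datetime
    last_seen: datetime
    count: int
    sensors: Set[str]


def merge(events: List[Event], window: timedelta) -> List[MergedEvent]:
    """Cluster events with the same key whose successive timestamps are within `window`."""
    open_groups: Dict[Tuple[str, str, str], MergedEvent] = {}
    merged: List[MergedEvent] = []
    for e in sorted(events, key=lambda ev: ev.ts):
        key = (e.src, e.dst, e.signature)
        g = open_groups.get(key)
        if g is not None and e.ts - g.last_seen <= window:
            g.last_seen, g.count = e.ts, g.count + 1
            g.sensors.add(e.sensor)
        else:
            g = MergedEvent(key, e.ts, e.ts, 1, {e.sensor})
            open_groups[key] = g
            merged.append(g)       # merged stays ordered by first_seen
    return merged


def correlate(groups: List[MergedEvent], slack: timedelta) -> List[bool]:
    """Flag a group as corroborated when a *different* sensor reported the same
    src/dst pair in a time span that overlaps it (extended by `slack`)."""
    flags = [False] * len(groups)
    for i, a in enumerate(groups):
        for j in range(i + 1, len(groups)):
            b = groups[j]
            if a.key[:2] != b.key[:2] or a.sensors == b.sensors:
                continue
            if a.first_seen <= b.last_seen + slack and b.first_seen <= a.last_seen + slack:
                flags[i] = flags[j] = True
    return flags


def process(lines: List[str], min_severity: int = 1,
            window: timedelta = timedelta(seconds=60)) -> List[Tuple[MergedEvent, bool]]:
    """Filter -> normalize -> merge -> correlate, returning (cluster, corroborated) pairs."""
    events = [e for e in map(normalize, lines) if e is not None and e.severity >= min_severity]
    groups = merge(events, window)
    return list(zip(groups, correlate(groups, window)))


if __name__ == "__main__":
    for g, corroborated in process(RAW_EVENTS):
        print(f"{g.key} x{g.count} {g.first_seen:%H:%M:%S}-{g.last_seen:%H:%M:%S} "
              f"sensors={sorted(g.sensors)} corroborated={corroborated}")
```

On the constructed input, seven raw lines become three clusters: the "allow" line is filtered out as informational, the three firewall denies within a minute collapse to one cluster, the two IDS alerts collapse to another, and the lone deny at 10:03 starts a new cluster because it falls outside the window. The first two clusters are flagged as corroborated because two different sensors saw the same source/destination pair in overlapping time spans; the third is not. The window and severity threshold are the knobs an administrator would tune against real traffic.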
Copyright information
© 2007 Springer Berlin Heidelberg
Cite this paper
Ma, Ym., Li, Zt., Lei, J., Wang, L., Li, D. (2007). An Intelligent Agent-Oriented System for Integrating Network Security Devices and Handling Large Amount of Security Events. In: Yang, C.C., et al. Intelligence and Security Informatics. PAISI 2007. Lecture Notes in Computer Science, vol 4430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71549-8_37
DOI: https://doi.org/10.1007/978-3-540-71549-8_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71548-1
Online ISBN: 978-3-540-71549-8
eBook Packages: Computer Science (R0)