1. Improved multi-source heterogeneous alert aggregation scheme.
- Author: HUANG Lin, WU Zhi-jie, HUANG Xiao-fang, WEI Yong, and FU Zhi-hui
- Subjects: Heterogeneous computing; Aggregation (statistics); Computer network security; Information science; Thresholding algorithms; Computer science
- Abstract: Various types of network security devices generate a large volume of redundant alarm information with a high false-alarm rate. The alarm information is fragmented, which makes the alarms difficult to analyze and understand. To address this problem, this paper proposes an alert aggregation method for multi-source heterogeneous alarms. By analyzing alarm type, source IP, destination IP, destination port and time interval, it derives four aggregation rules, dynamically updates the time-interval threshold and improves accuracy. The experimental results show that this method can efficiently reduce the number of heterogeneous alarms, produce simplified super-alarm data, and achieve real-time processing of alarm information. [ABSTRACT FROM AUTHOR]
- Published: 2014