  • DocumentCode
    2970878
  • Title
    MS²IFS: A Multiple Source-Based Security Information Fusion System
  • Author
    Chang, Jun ; Yu, Jiang ; Pei, Yijian
  • Author_Institution
    Sch. of Inf. Sci. & Eng., Yunnan Univ., Kunming, China
  • fYear
    2010
  • fDate
    13-14 Oct. 2010
  • Firstpage
    215
  • Lastpage
    219
  • Abstract
    Security Information Fusion System has recently become one of the major topics in the research area of information security. A great many security devices and components have been deployed in network information systems. While improving the system's security performance, they produce lots of redundant or unreliable information. Through the technologies of alert fusion and correlation analysis, alert redundancy can be decreased, administration pressure can be reduced and alert accuracy can be raised effectively. We propose the system architecture of multi-source security information fusion (MS2IFS), and discuss the design ideas and algorithm implementation of the MS2IFS key modules. The results of testing on offline alert logs and online simulated attack data proved the feasibility and validity of the MS2IFS system and satisfied the design requirement, presenting preferable.
  • Keywords
    security of data; telecommunication security; administration pressure; alert accuracy; alert fusion; alert redundancy; correlation analysis; information security; multiple source-based security information fusion system; network information systems; offline alert logs; online simulated attack data; security devices; system architecture; systems security performance; Algorithm design and analysis; Analytical models; Correlation; Redundancy; Security; Servers; alert correlation; information fusion; intrusion detection; risk evaluation;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Communications and Intelligence Information Security (ICCIIS), 2010 International Conference on
  • Conference_Location
    Nanning
  • Print_ISBN
    978-1-4244-8649-6
  • Electronic_ISBN
    978-0-7695-4260-7
  • Type
    conf
  • DOI
    10.1109/ICCIIS.2010.32
  • Filename
    5629230