Title :
The Analysis of Event Correlation in Security Operations Center
Author :
Zhang, Deyang ; Zhang, Dedong
Author_Institution :
Sch. of Inf. & Electron. Eng., Hebei Univ. of Eng., Handan, China
Abstract :
Many security events occur in computer networks, and most of them are not isolated: there are many relationships among the events, such as redundancy relationships or causality. Because the events are massive in number, correlation analysis is very important. This paper analyzes current event correlation algorithms and proposes a security event correlation method. The method first unifies the security events from different security equipment and sorts them, then merges security events by similarity, and finally extracts correlation rules among security events using data mining. It can decrease the number of alerts, reduce false alerts and discover high-level attack strategies.
Keywords :
computer network security; data mining; computer networks; event correlation analysis; high-level attack strategies; redundancy causality; redundancy relationship; security events correlation method; security operations center; Computer architecture; Correlation; Data mining; IP networks; Intrusion detection; Redundancy; Correlation Analysis; Correlation Rules; Security Operations Center; Similarity;
Conference_Title :
Intelligent Computation Technology and Automation (ICICTA), 2011 International Conference on
Conference_Location :
Shenzhen, Guangdong
Print_ISBN :
978-1-61284-289-9
DOI :
10.1109/ICICTA.2011.584