DocumentCode
3052202
Title
A correlation analysis method of network security events based on rough set theory
Author
Jing Liu ; Lize Gu ; Guosheng Xu ; Xinxin Niu
Author_Institution
Inf. Security Center, Beijing Univ. of Posts & Telecommun., Beijing, China
fYear
2012
fDate
21-23 Sept. 2012
Firstpage
517
Lastpage
520
Abstract
Network security event correlation can find real threats by correlating security events and logs generated by different security devices, and can provide accurate awareness of the network security situation. This paper proposes a network security event correlation scheme based on rough sets, builds a database of network security events and a knowledge base, and gives a rule generation method and a rule matcher. The method solves the simplification and correlation of massive security events by combining data discretization, attribute reduction, value reduction and rule generation.
Keywords
computer network security; correlation methods; knowledge based systems; pattern matching; rough set theory; attribute reduction; correlation analysis; data discretization; knowledge base; network security event correlation; network security event database; real threat; rough set theory; rule generation method; rule matcher; security device; value reduction; Algorithm design and analysis; Correlation; Data mining; Entropy; Runtime; Security; Set theory; Correlation analysis; Network security event; Rough set; Sequence pattern;
fLanguage
English
Publisher
ieee
Conference_Titel
Network Infrastructure and Digital Content (IC-NIDC), 2012 3rd IEEE International Conference on
Conference_Location
Beijing
Print_ISBN
978-1-4673-2201-0
Type
conf
DOI
10.1109/ICNIDC.2012.6418807
Filename
6418807