Title :
The security operations center based on correlation analysis
Author :
Yuan, Shuhong ; Zou, Chijia
Author_Institution :
Inf. Center, Zhejiang Univ., Hangzhou, China
Abstract :
With the development of information technology, network threats grow more rampant by the day. To protect company and organization networks, operators have deployed a variety of network security products, such as IDS (intrusion detection systems), firewalls, VPNs and AVS (anti-virus systems). Because these products lack a data exchange mechanism, they cannot share security information with one another, which produces a large volume of alarm messages and false alarms. A platform or system is therefore needed to solve this problem. A security operations center can collect and manage these security events and analyze the related information, thereby reducing false positives and false negatives and improving the security of the network system. In this paper, we research event correlation analysis, introduce the processes of the analysis and the method of rule extraction, and then introduce the system architecture of a security operations center.
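The cross-source correlation the abstract describes (normalizing IDS, firewall and anti-virus alarms into one schema, then collapsing corroborated alarms into a single incident while demoting uncorroborated ones) is illustrated by the following added example. It is not code from the paper or from the authors' system; the event formats, the 60-second window and the three correlation rules are assumptions chosen for the illustration, and the sample events are constructed, not real captures.

```python
"""Toy cross-source event correlation of the kind an SOC platform performs.

Added example; event formats, window and rules are assumptions, not the paper's design.
"""
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed sample events (not real captures): (source, raw line).
# Each product logs in its own format, which is the missing data exchange
# mechanism the abstract complains about.
RAW_EVENTS = [
    ("ids",      "2011-05-01T10:00:01 SCAN nmap XMAS 203.0.113.7 -> 192.0.2.10"),
    ("firewall", "2011-05-01T10:00:02 DENY TCP 203.0.113.7:44321 -> 192.0.2.10:445"),
    ("firewall", "2011-05-01T10:00:03 DENY TCP 203.0.113.7:44322 -> 192.0.2.10:139"),
    ("ids",      "2011-05-01T10:00:05 SCAN nmap XMAS 203.0.113.7 -> 192.0.2.10"),
    ("ids",      "2011-05-01T10:20:00 EXPLOIT smb overflow 198.51.100.9 -> 192.0.2.20"),
    ("av",       "2011-05-01T10:20:40 DETECTED Trojan.Generic host=192.0.2.20"),
    ("ids",      "2011-05-01T11:00:00 POLICY http user-agent 192.0.2.30 -> 192.0.2.40"),
]


def parse(source, line):
    """Normalise one raw line into a common schema: ts, source, kind, src, dst."""
    fields = line.split()
    ts = datetime.fromisoformat(fields[0])
    if source == "ids":  # "<ts> <KIND> <signature words...> <src> -> <dst>"
        return {"ts": ts, "source": source, "kind": fields[1],
                "src": fields[-3], "dst": fields[-1]}
    if source == "firewall":  # "<ts> <ACTION> <proto> <src:port> -> <dst:port>"
        return {"ts": ts, "source": source, "kind": fields[1],
                "src": fields[3].rsplit(":", 1)[0], "dst": fields[5].rsplit(":", 1)[0]}
    if source == "av":  # "<ts> DETECTED <name> host=<ip>"
        host = next(f.split("=", 1)[1] for f in fields if f.startswith("host="))
        return {"ts": ts, "source": source, "kind": fields[1], "src": None, "dst": host}
    raise ValueError(f"unknown source {source}")


def within(a, b):
    return abs(a["ts"] - b["ts"]) <= WINDOW


def correlate(raw_events):
    """Turn raw alarms into incidents; each IDS alarm seeds at most one incident."""
    events = [parse(s, line) for s, line in raw_events]
    used = set()
    incidents = []
    for i, e in enumerate(events):
        if e["source"] != "ids" or i in used:
            continue
        # Rule 1: firewall denies from the same source to the same target in the window.
        fw = [j for j, f in enumerate(events)
              if f["source"] == "firewall" and f["kind"] == "DENY"
              and f["src"] == e["src"] and f["dst"] == e["dst"] and within(e, f)]
        # Rule 2: AV detection on the IDS target shortly after the alarm.
        av = [j for j, f in enumerate(events)
              if f["source"] == "av" and f["dst"] == e["dst"]
              and timedelta(0) <= f["ts"] - e["ts"] <= WINDOW]
        # Repeated IDS alarms of the same kind from the same source: collapse them.
        dup = [j for j, f in enumerate(events)
               if j != i and j not in used and f["source"] == "ids"
               and f["kind"] == e["kind"] and f["src"] == e["src"]
               and f["dst"] == e["dst"] and within(e, f)]
        members = [i] + dup
        if e["kind"] == "EXPLOIT" and av:
            members += av
            label, severity = "likely_compromise", "high"
        elif fw:
            members += fw
            label, severity = "confirmed_probe", "medium"
        else:
            # A lone, uncorroborated alarm is demoted: a false-positive candidate.
            label, severity = "unconfirmed", "low"
        used.update(members)
        incidents.append({"label": label, "severity": severity,
                          "src": e["src"], "dst": e["dst"],
                          "raw_alerts": len(members),
                          "first_seen": min(events[j]["ts"] for j in members)})
    return incidents


if __name__ == "__main__":
    result = correlate(RAW_EVENTS)
    print(f"{len(RAW_EVENTS)} raw alarms -> {len(result)} incidents")
    for inc in result:
        print(inc)
```

On the constructed input the seven raw alarms collapse to three incidents: the four scan-related alarms from 203.0.113.7 become one medium-severity probe, the exploit alarm plus the anti-virus detection on the same host become one high-severity compromise, and the lone policy alarm is kept but demoted. The point is the same as the abstract's: sharing data across products both shrinks the alarm volume and changes what an analyst sees first.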
Keywords :
authorisation; computer network security; data mining; virtual private networks; IDS; VPN; alarm message; antivirus system; company network protection; event correlation analysis; false alarm; false negatives; false positives; firewall; information technology; intrusion detection system; network security; network threat; organization network protection; rule extraction; security event collection; security event management; security information analysis; security operations center; system architecture; Association rules; Correlation; Filtering; Fires; Intrusion detection; Correlation analysis; Network security; Rule extraction;
Conference_Titel :
Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
Conference_Location :
Xi'an
Print_ISBN :
978-1-61284-485-5
DOI :
10.1109/ICCSN.2011.6013727