Research on the techniques of security events correlation

Journal of Computer Applications ›› 2005, Vol. 25 ›› Issue (07): 1526-1528.

• Information security • Previous Articles Next Articles

Research on the techniques of security events correlation

GAO Lei^1,2, XIAO Zheng^1,2, WEI Wei^1,3, SUN Yun-ning^1,3

1. Institute of Computing Technology,Chinese Academy of Sciences; 2. Graduate School,Chinese Academy of Sciences; 3. Lenovo Corporation of Research

Received:2005-01-02 Revised:2005-03-06 Online:2005-07-01 Published:2005-07-01

安全关联分析相关技术的研究

高雷^1,2，肖政^1,2，韦卫^1,3，孙育宁^1,3

1.中国科学院计算技术研究所，北京 100080； 2.中国科学院研究生院，北京 100039；
3.联想研究院，北京 100085

作者简介:高雷（1980-），男，湖北武汉人，硕士研究生，主要研究方向：网络安全；肖政（1976-），男，安徽巢湖人，博士研究生，主要研究方向：网络安全管理、计算机安全体系结构；韦卫（1964-），男，河南郑州人，研究员，博士，主要研究方向：网络安全、密码学、密码协议安全体系结构；孙育宁（1965-），男，江苏南京人，研究员，博士，主要研究方向：计算机应用、网络应用、系统测试、性能优化
基金资助:
〗国家863计划项目（2002AA142030）；国家863计划项目（2003AA148020）

Abstract

Abstract:

The events correlation techniques in security integration management systems were introduced. A normal architecture of the correlation engine was introduced, and some discussions on the critical technologies and the main achievements in the field were put forward. The directions of the technology development were analyzed and evaluated, such as pattern obtainment, engine distribution and performance promotion. At last, a solution based on hierarchical rules to correlate events was presented.

Key words: architecture of the security events correlation, causal correlation, temporal correlation, engine distribution; pattern abstration, hierarchical rules

摘要：

着重研究网络安全集中管理系统中的关联分析技术，对其通用体系结构及其关键分析技术(产生式关联、即时关联等)、研究趋势（模式抽取、部署架构等）进行了探讨，并提出了基于层级式规则的关联分析解决方案。

关键词: 安全关联分析架构, 产生式关联, 即时关联, 引擎部署, 模式抽取, 层级式规则

CLC Number:

TP393.07

GAO Lei, XIAO Zheng, WEI Wei, SUN Yun-ning. Research on the techniques of security events correlation[J]. Journal of Computer Applications, 2005, 25(07): 1526-1528.

高雷，肖政，韦卫，孙育宁. 安全关联分析相关技术的研究[J]. 计算机应用, 2005, 25(07): 1526-1528.

References

[1]HAINES J, RYDER DK. Validation of sensor alert correlators
[J]. IEEE Security & Privacy, 2003,1(1):46-56.

[2]KLIGER S, YEMINI S. A coding approach to event correlation
[A]. Proceedings of 4th International Symposium on Integrated Network Management (IFIP/IEEE)
[C]. Santa Barbara, CA, 1995.

[3]GRUSCHKE B. Integrated event management:event correlation using dependency graphs
[A]. DSOM'98
[C], 1998.

[4]HASAN M, SUGLA B, VISWANATHAN R. A conceptual framework for network management event correlation and filtering systems
[A]. Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Management
[C], 1999.

[5]LIU G, MOK AK, YANG EJ. Composite event for network event correlation
[A]. Proceedings of IM'99
[C], 1999.

[6]OHSIE D, MAYER A, KLIGER S. Event modeling with the MODEL language:A tutorial introduction
[EB/OL]. http://www.smarts.com/resources/code_tpapers_model.pdf, 2004-12.

[7]CUPPENS F,MIEGE A. Alert correlation in a cooperative intrusion detection framework
[A]. Proceedings of the 2002 IEEE Symposium on Security and Privacy
[C], 2002.

[8]GULA R. Correlating IDS alerts with vulnerability information
[EB/OL]. http:// www.tenablesecurity.com/white_papers/va-ids.pdf, 2004-12.

[9]
DEBAR H, WESPI A. Aggregation and Correlation of Intrusion-Detection Alerts
[A]. RAID 2001,LNCS 2212
[C],2001. 85-103.

[10]LEE W, STOLFO SJ. A framework for constructing features and models for intrusion detection systems
[J]. ACM Transactions on information and system security, 2000,3(4):227-261.

[11]STOLFO SJ, LEE W. Data mining-based intrusion detectors:An overview of the Columbia IDS project
[J]. SIGMOD Record, 2001,30(4):5-14.

[12]LEE W, STOLFO SJ. Real time data mining-based intrusion detection
[A]. Proceedings of DISCEX II
[C], 2001.

[13]LOCASTO ME, PAREKH JJ, STOLFO S. CUCS-012-04, Collaborative distributed intrusion detection
[R], 2004.

Research on the techniques of security events correlation

安全关联分析相关技术的研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 8

Recommended Articles

Metrics

[1]	CAO Yu, WANG Cheng, WANG Xin, GAO Yueer. Urban road short-term traffic flow prediction based on spatio-temporal node selection and deep learning [J]. Journal of Computer Applications, 2020, 40(5): 1488-1493.
[2]	MA Mengying, ZENG Yali, WEI Tiantian, CHEN Zhide. Fault diagnosis algorithm of WSN based on precondition of neighbor nodes [J]. Journal of Computer Applications, 2018, 38(8): 2348-2352.
[3]	JIN Feng, TANG Hong, ZHANG Jinyan, YIN Lixin. Pilot optimization and channel estimation in massive multiple-input multiple-output systems based on compressive sensing [J]. Journal of Computer Applications, 2018, 38(5): 1447-1452.
[4]	CHEN Meizi WANG Xiaodong LI Shaobo ZHANG Lianjun. Distortion estimated model for high definition stereoscopic video transmission [J]. Journal of Computer Applications, 2014, 34(12): 3409-3413.
[5]	WANG Ling SHI Weiren SHI Xin SONG Ningbo RAN Qike. Data compression and optimization algorithm for wireless sensor network based on temporal correlation [J]. Journal of Computer Applications, 2013, 33(12): 3453-3456.
[6]	ZHUANG Yanbin GUI Yuan XIAO Xianjian. Compressed Video Sensing Method Based on Motion Estimation and Backtracking based Adaptive Orthogonal Matching Pursuit [J]. Journal of Computer Applications, 2013, 33(09): 2577-2579.
[7]	Feng XIN . Fast inter mode decision algorithm for H.264/AVC [J]. Journal of Computer Applications, 2008, 28(12): 3157-3159.
[8]	LI Lei-sheng,XIAO De-gui. Gait recognition based on moment invariants [J]. Journal of Computer Applications, 2005, 25(08): 1795-1796.