Multi-source alert data understanding for security semantic discovery based on rough set theory
Abstract
To secure a network, a large number of different information security devices, e.g., intrusion detection systems, firewalls, etc., are deployed in it. These devices protect the network from many angles, but they also create new problems for security administration. Massive volumes of alert data are generated by the different devices, and the few real alerts are buried among an overwhelming stream of repetitive and false alerts. In this paper, we propose a multi-source alert data understanding scheme based on rough set theory for security semantic discovery. First, we classify the alert data according to its data features in order to merge the multi-source alerts. Second, we compute a weight for each alert classification by applying rough set theory to historical data. Third, we aggregate the data by computing alert similarity, which removes repetitive alerts reported by different sources. Finally, we introduce reliability metrics that measure the credibility of individual alerts, using the network's background information, so that they can be used for further correlation and semantic analysis. We evaluate the scheme on a data set collected from a real network and on the DARPA 2000 data set. The experimental results show that the proposed method removes more than 80% of the repetitive alerts in these data sets.
