Research on multi-source security log fusion method

• Engineering and Technology • Previous Articles Next Articles

Research on multi-source security log fusion method

WANG Shuang

（Information Security Evaluation Center, CAUC, Tianjin 300300, China）

Received:2017-05-08 Revised:2017-06-14 Online:2017-10-25 Published:2017-12-14

Abstract

Abstract: In order to effectively find hidden attacks in network, taking multi-source log as research object, an improved weighted trust value D-S evidence theory is proposed to fuse logs. With data preprocessing and dynamic selfadaptive time interval threshold algorithm, super warning log is aggregated. Taking detection rates of different alarm events by safety equipment as evidence, the weights of alarm data are dynamically revised and fused.Comparison between experimental result and traditional D-S evidence theory algorithm indicates that the improved weighted trust value D-S evidence theory can improve the detection accuracy of network alarm event.

Key words: multi-source log, dynamic self-adaptive time interval threshold, D-S evidence theory, log fusion

CLC Number:

TP399

WANG Shuang. Research on multi-source security log fusion method[J]. .

References

[1] TIMB.MultisensorDataFusionforNextGenerationDistributed IntrusionDetection Systems[C]//1999 IRIS National Symposium on Sensor and Data Fusion, Laurel, USA, 1999.
[2] STEPHEN L. The spinning cube of potential doom[J]. Communications of the ACM, 2004, 47(6): 25-26.
[3] 刘效武, 王慧强,禹继国, 等. 基于多源融合的网络安全态势感知模型[J].解放军理工大学学报(自然科学版), 2012, 13(4): 403-407.
[4] ASIFIQBAL H, UDZIR N I, MAHMOD R, et al. Filtering events using clustering in heterogeneous security logs[J]. Information Technology Journal, 2011, 10(4): 798-806.
[5] MYERS J, GRIMAILA M R, MILLS R F. Log-based Distributed Security Event Detection Using Simple Event Correlator[C]//the 44th Hawaii International Conference on SystemSciences, Hawaii, 2011.
[6] 黄林,吴志杰,黄晓芳,等.一种改进的多源异构告警聚合方案[J].计算机应用研究, 2014, 31(2): 579-582.
[7] 于兆良, 张文涛, 葛伟, 等. 基于Hadoop 平台的日志分析模型[J].计算机工程与设计, 2016, 37(2): 338-344.
[8] 亚静.基于多源日志的网络威胁分析系统的研究[D]. 北京: 北京交通大学, 2014.
[9] 赵皓,高智勇,高建民, 等. 一种采用相空间重构的多源数据融合方法[J].西安交通大学学报, 2016, 50(8): 84-89.
[10] 殷俊, 王海燕, 潘显萌. 基于DNS 重定向技术的网络安全审计系统[J].计算机科学, 2016, 43(S2): 407-410.
[11] ALGHAMDI NS, RAHAYU W, PARDEDE E. Semantic-based structural and content indexing for the efficient retrieval of queries over large data repositories[J]. Future Generation Computer Systems, 2014,37(7): 212-231.
[12] 谢珏.分布式拒绝服务攻击模拟系统设计与实现[D]. 四川: 电子科技大学, 2014.
[13] 赵新杰,刘渊,孙剑, 等.基于迁移学习和D-S 理论的网络异常检测[J].计算机应用研究, 2016, 33(4): 1137-1140.
[14] 李建平,王晓凯. 基于模糊神经网络的无线传感器网络可靠性评估[J].计算机应用, 2016, 36(z2): 69-72.