Journal: International Journal of Security and Its Applications
Print ISSN: 1738-9976
Year: 2016
Volume: 10
Issue: 2
Pages: 325-340
DOI: 10.14257/ijsia.2016.10.2.29
Publisher: SERSC
Abstract: Advances in computer technology and the ever-growing size of networks expose the many hosts and transmission devices in a large network to increasingly high risks. Log information from a variety of devices can support the detection of intrusions and attacks, but log information from a single data source has limitations: if the logs of one source are analyzed without being correlated with the analysis of logs from other sources, the results cannot accurately reflect the current network situation. To better characterize the network situation, this paper proposes an improved event scenario correlation method for multi-source log analysis, developed by surveying existing data fusion and event correlation methods and by integrating the conventional event scenario correlation (ESC) method with fuzzy reasoning. Experimental results show that the proposed method significantly reduces the false positive (FP) rate and false negative (FN) rate of security log analysis.
Keywords: security log information; data fusion; event correlation; fuzzy reasoning