Journal: International Journal of Security and Its Applications
Print ISSN: 1738-9976
Publication year: 2013
Volume: 7
Issue: 3
Publisher: SERSC
Abstract: With increasing requirements of network users for intelligent security management, unified network security management has become a fashion, and a remarkable development trend is the adoption of an alert-centric event correlation manner. This paper then introduces Extenics into the study on alert-centric event correlation for unified network security management and proposes a formalized approach using basic-elements based on the extension theory. The proposed approach utilizes the basic-elements to formalize the representations of alerts, events, and also correlation policies for network security in a unified manner, and then makes full use of the extension theory to formalize basic operators for extension expressions and extension functions in order to realize alert-centric event correlation. Validation scenarios of timing constraints show that the proposed approach provides a prospective way to alert-centric event correlation for unified network security management by introducing basic-elements and utilizing extension expressions and extension functions with the use of containing analysis, sequencing analysis and extension transformations based on the extension theory.