Multiclass Support Vector Machines Theory and Its Data Fusion Application in Network Security Situation Awareness

Network security situation awareness (NSSA) is an emerging technique in the field of network security that helps administrators monitor the actual security situation of their networks. This paper focuses mainly on NSSA based on heterogeneous multisensor data fusion. We presented a model that adopted Snort and NetFlow as sensors to gather data from real network traffic. We employed Support Vector Machines as the fusion engine of our model and used an efficient feature reduction approach to fuse the data gathered from the heterogeneous sensors. Furthermore, we discussed the alert aggregation and security awareness generation techniques in detail. Our model is proven to be feasible and effective through a series of experiments.