Applying Basic-Elements and the Extension Theory to Alert-centric Event Correlation for Unified Network Security Management

With network users increasingly demanding intelligent security management, unified network security management has become a clear trend, and a notable development within it is the adoption of an alert-centric event correlation approach. This paper introduces Extenics into the study of alert-centric event correlation for unified network security management and proposes a formalized approach that uses basic-elements grounded in the extension theory. The proposed approach uses basic-elements to formalize the representations of alerts, events, and correlation policies for network security in a unified manner, and then applies the extension theory to formalize the basic operators of extension expressions and extension functions, through which alert-centric event correlation is realized. Validation scenarios built around timing constraints show that the proposed approach offers a promising route to alert-centric event correlation for unified network security management: basic-elements give the representation, and extension expressions and extension functions carry out the correlation by means of containing analysis, sequencing analysis, and extension transformations based on the extension theory.
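As an added illustration of the ideas named in the abstract (not code from the paper, whose formal notation is not reproduced here), the following Python sketch represents alerts, correlation policies and events as Extenics-style basic-elements, implements containing analysis as attribute matching, sequencing analysis as ordered matching under a timing window, and an extension transformation that folds a matched alert chain into one event. The `BasicElement` layout, the policy dictionary, the alert types and the host addresses are all assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BasicElement:
    """Extenics basic-element (N, c, v): object N with (characteristic, value) pairs."""
    obj: str
    attrs: tuple  # ((characteristic, value), ...)
    def value(self, c):
        return dict(self.attrs).get(c)

def contains(alert, pattern):
    # Containing analysis: alert has the pattern's object and every pair it names.
    return alert.obj == pattern.obj and all(alert.value(c) == v for c, v in pattern.attrs)

def sequence(alerts, patterns, window):
    # Sequencing analysis: match patterns in order over time-sorted alerts; a
    # partial chain that overruns `window` seconds is dropped (timing constraint).
    chain = []
    for alert in sorted(alerts, key=lambda a: a.value("time")):
        if len(chain) == len(patterns):
            break
        if chain and alert.value("time") - chain[0].value("time") > window:
            chain = []
        if contains(alert, patterns[len(chain)]):
            chain.append(alert)
    return chain if len(chain) == len(patterns) else None

def correlate(alerts, policy):
    # Group alerts by the policy's key characteristic, run sequencing per group and
    # fold each complete chain into one event basic-element (extension transformation).
    groups = {}
    for a in alerts:
        groups.setdefault(a.value(policy["key"]), []).append(a)
    events = []
    for key, group in groups.items():
        chain = sequence(group, policy["patterns"], policy["window"])
        if chain:
            events.append(BasicElement("event", (("name", policy["name"]), (policy["key"], key),
                ("start", chain[0].value("time")), ("end", chain[-1].value("time")),
                ("alerts", len(chain)))))
    return events

# Constructed sample alerts (not from the paper): 10.0.0.5 completes the scan ->
# exploit -> beacon chain in 40 s; 10.0.0.9 raises the same alert types 120 s
# apart, so the 60 s timing constraint rejects it.
def ids_alert(kind, src, t):
    return BasicElement("alert", (("type", kind), ("src", src), ("time", t)))
SAMPLE_ALERTS = [ids_alert(k, s, t) for k, s, t in [
    ("port_scan", "10.0.0.5", 0), ("exploit_attempt", "10.0.0.5", 25),
    ("outbound_beacon", "10.0.0.5", 40), ("port_scan", "10.0.0.9", 5),
    ("exploit_attempt", "10.0.0.9", 125), ("outbound_beacon", "10.0.0.9", 130)]]
# Hypothetical policy structure: ordered basic-element patterns plus a window.
POLICY = {"name": "scan_exploit_beacon", "key": "src", "window": 60, "patterns": [
    BasicElement("alert", (("type", k),)) for k in ("port_scan", "exploit_attempt", "outbound_beacon")]}
```

Running `correlate(SAMPLE_ALERTS, POLICY)` yields a single event basic-element for 10.0.0.5 spanning times 0 to 40; the out-of-window chain from 10.0.0.9 produces no event.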
