Hierarchical Filtering Method of Alerts Based on Multi-Source Information Correlation Analysis

Nowadays, Internet threats are enormous and increasing, yet the classification of the huge volume of alert messages generated in this environment is relatively monotonous. This affects the accuracy of network situation assessment and makes it harder for security managers to handle emergencies. To deal with potential network threats effectively and provide more useful data for network situation awareness, alert filtering is needed; there is almost no alert filtering in existing network situation assessment and decision-making processes, and where filtering does exist its granularity is coarse and much redundant alert data remains. It is therefore essential to build a hierarchical filtering method to counter these threats. This paper establishes a data-monitoring method that filters the original data systematically to obtain the threat grade and stores the result for reuse. First, it filters multi-source alerts based on the vulnerable resources, open ports and services of the host devices. Then it calculates the performance changes of the host devices at the time the threat occurs and filters the data again using the difference in performance entropy. Finally, it sorts the remaining alerts by the change in performance value at the time of the threat. The alerts and performance data were collected in a real network environment, and comparative experimental analysis shows that the threat filtering method can effectively filter threat alerts.
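The three stages described above (asset-based filtering, performance-entropy filtering, ranking by performance change) as a small runnable pipeline. This is an added example, not the paper's code: the paper does not state its entropy definition or thresholds, so the example assumes Shannon entropy over an equal-width histogram of a 0-100 utilization metric, a keep threshold of 0.5 bits, and a stage-1 rule that keeps an alert when the target host exposes the attacked port or service or holds the resource the alert names. All hosts, alerts and performance samples are constructed.

```python
import math
from collections import Counter
from dataclasses import dataclass


@dataclass
class Host:
    ip: str
    open_ports: set          # ports the host actually listens on
    services: set            # services known to run on the host
    vulnerable: set          # resources known to be exposed/unpatched (constructed tags)


@dataclass
class Alert:
    alert_id: int
    dst_ip: str
    dst_port: int
    service: str
    target_resource: str     # resource the alert signature claims to hit


def stage1_asset_filter(alerts, hosts):
    """Stage 1: drop alerts aimed at hosts that do not exist or that neither expose
    the attacked port/service nor hold the targeted resource (assumed matching rule)."""
    kept = []
    for a in alerts:
        h = hosts.get(a.dst_ip)
        if h is None:
            continue
        if (a.dst_port in h.open_ports or a.service in h.services
                or a.target_resource in h.vulnerable):
            kept.append(a)
    return kept


def entropy(samples, bins=10):
    """Shannon entropy (bits) of a metric series after histogramming it into
    equal-width bins over [0, 100]; a flat series yields 0, a scattered one more."""
    if not samples:
        return 0.0
    width = 100.0 / bins
    counts = Counter(min(int(s // width), bins - 1) for s in samples)
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def stage2_entropy_filter(alerts, perf, threshold=0.5, bins=10):
    """Stage 2: score each surviving alert by the change in performance entropy of
    its target host across the threat time; keep those above the (assumed) threshold."""
    scored = []
    for a in alerts:
        before, after = perf.get(a.dst_ip, ([], []))
        score = abs(entropy(after, bins) - entropy(before, bins))
        if score >= threshold:
            scored.append((a, score))
    return scored


def stage3_rank(scored):
    """Stage 3: order alerts by the size of the performance change, largest first."""
    return sorted(scored, key=lambda t: (-t[1], t[0].alert_id))


def run_pipeline(alerts, hosts, perf, threshold=0.5):
    """Full hierarchical filter: asset match -> entropy difference -> ranking."""
    return stage3_rank(stage2_entropy_filter(stage1_asset_filter(alerts, hosts), perf, threshold))


# Constructed inventory, alerts and CPU-utilization windows (before, after threat time).
HOSTS = {
    "10.0.0.5": Host("10.0.0.5", {22, 445}, {"ssh", "smb"}, {"smb-legacy"}),
    "10.0.0.6": Host("10.0.0.6", {443}, {"https"}, set()),
    "10.0.0.7": Host("10.0.0.7", {80}, {"http"}, set()),
}
ALERTS = [
    Alert(1, "10.0.0.5", 445, "smb", "smb-legacy"),   # matches port, service and resource
    Alert(2, "10.0.0.5", 3389, "rdp", "rdp"),          # host does not expose RDP -> dropped
    Alert(3, "10.0.0.7", 80, "http", "cgi"),           # matches, but host performance is flat
    Alert(4, "10.0.0.9", 22, "ssh", "ssh"),            # unknown host -> dropped
    Alert(5, "10.0.0.5", 22, "ssh", "ssh"),            # matches open port
    Alert(6, "10.0.0.6", 443, "https", "tls"),         # matches, moderate performance change
]
PERF = {
    "10.0.0.5": ([18, 20, 21, 19, 20, 22], [20, 45, 80, 95, 90, 60]),
    "10.0.0.6": ([40, 41, 40, 42], [40, 55, 42, 58]),
    "10.0.0.7": ([30, 31, 30, 32, 31, 30], [31, 30, 30, 32, 31, 31]),
}

if __name__ == "__main__":
    for alert, score in run_pipeline(ALERTS, HOSTS, PERF):
        print(f"alert {alert.alert_id} -> {alert.dst_ip}:{alert.dst_port} entropy delta {score:.3f}")
```

With the constructed data, stage 1 discards alerts 2 and 4, stage 2 discards alert 3 because its host's utilization is flat on both sides of the threat time, and the ranking places the two alerts against 10.0.0.5 (entropy change 4/3 bits) ahead of the alert against 10.0.0.6 (1 bit).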
