An Improved Event Scenario Correlation Method for Multi-Source Security Log

The continuing development of computer technology and the persistent growth of networks expose the massive numbers of hosts and transmission devices in a large network to ever higher risks. Log information from these devices can facilitate the detection of intrusions and attacks. Log information from a single data source, however, has limitations: if the logs of one source are analyzed without being correlated with the analysis of logs from other sources, the results cannot precisely reflect the current state of the network. To better characterize the network situation, this paper proposes an improved event scenario correlation method for multi-source log analysis, developed by studying numerous existing data fusion methods and event correlation methods and by integrating the conventional event scenario correlation (ESC) method with fuzzy reasoning. Experimental results prove that the proposed method significantly reduces the false positive rate (FP rate) and false negative rate (FN rate) of security log analysis.
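The abstract's argument, that a single log source misjudges the network while correlating several sources into a scenario and scoring it with a fuzzy membership reduces FP and FN rates, can be made concrete with a small added example; this is illustrative code written for this page, not the paper's method, and the event list, the scenario weights in SCENARIO, the time window and the ground truth are all constructed assumptions.

```python
from collections import defaultdict
# Constructed sample events, not from the paper: (source, time_s, src_ip, type)
EVENTS = [
    ("ids", 100, "10.0.0.5", "scan"), ("fw", 130, "10.0.0.5", "deny"),
    ("auth", 160, "10.0.0.5", "login_fail"), ("auth", 170, "10.0.0.5", "login_fail"),
    ("ids", 400, "10.0.0.9", "scan"),  # lone IDS alert, nothing corroborates it
    ("fw", 900, "10.0.0.7", "deny"),   # lone firewall deny
]
MALICIOUS = {"10.0.0.5"}  # constructed ground truth used for the FP/FN rates
# Assumed scenario template: event types forming one attack scenario and the
# fuzzy weight each contributes (illustrative values, not the paper's).
SCENARIO = {"scan": 0.4, "deny": 0.2, "login_fail": 0.5}
WINDOW = 300  # seconds; events from one IP closer than this join a scenario

def fuzzy_membership(events):
    """Bounded sum in [0, 1]; repeats of one type add with diminishing weight."""
    score, seen = 0.0, defaultdict(int)
    for _, _, _, etype in events:
        seen[etype] += 1
        score += SCENARIO.get(etype, 0.0) / seen[etype]
    return min(1.0, score)

def correlate(events, window=WINDOW):
    """Split each IP's event stream into time-bounded scenarios and score them."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[1]):
        by_ip[ev[2]].append(ev)
    scenarios = []
    for ip, evs in by_ip.items():
        current = [evs[0]]
        for ev in evs[1:]:
            if ev[1] - current[-1][1] <= window:
                current.append(ev)
            else:
                scenarios.append((ip, current))
                current = [ev]
        scenarios.append((ip, current))
    return [(ip, fuzzy_membership(evs), evs) for ip, evs in scenarios]

def fused_alerts(events, threshold=0.6):
    """IPs whose correlated scenario reaches the membership threshold."""
    return {ip for ip, score, _ in correlate(events) if score >= threshold}

def single_source_alerts(events, source="ids"):
    """Baseline: alert on every event of one source, with no correlation."""
    return {ev[2] for ev in events if ev[0] == source}

def fp_fn_rates(alerted, malicious, all_ips):
    """FP rate = FP / benign IPs, FN rate = FN / malicious IPs."""
    benign = all_ips - malicious
    return len(alerted & benign) / len(benign), len(malicious - alerted) / len(malicious)
```

On the constructed data the IDS-only baseline alerts on both scanners (FP rate 0.5), while the fused scenario score only crosses the threshold for the IP that is corroborated by the firewall and the auth log (FP rate 0.0, FN rate 0.0).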
