
Research Of Network Security Events Correlation And Design Of System

Posted on: 2009-04-28
Degree: Master
Type: Thesis
Country: China
Candidate: H J Li
Full Text: PDF
GTID: 2178360278480770
Subject: Military Equipment

Abstract/Summary:
Deploying several types of network security devices (firewall, IDS, vulnerability scanner, etc.) in a network environment can resolve network security problems partially or completely. However, analyzing the security events generated by these devices is arduous. Correlation is an effective technology for security event analysis. The main task of this thesis is to analyze these security events, study the existing correlation models and correlation methods, and design an effective, advanced network security event correlation system.

After analyzing the achievements of the related field, this thesis completes the following work:

1. We present a model of security event correlation (SecModel). With the model, security events can be analyzed effectively by filtering, aggregating, reconstructing, and appraising the priority of security events.
2. We propose a correlation method for filtering security events. By virtue of the method, false alarms in intrusion alerts can be eliminated to a certain extent, and attacks submerged in all types of logs can be discovered.
3. We propose a correlation technique based on the FP-Growth algorithm for reconstructing security events. As a result, multi-step intrusions can be reproduced, disclosing the tactics and logical process of attackers.
4. A method for evaluating the priority of security events is proposed. The priority of every event is fixed according to its harm to the information system. With the events arranged by priority from high to low, the administrator need only pay attention to the more harmful events.
5. We design and implement a system for security event correlation. The system is composed of three layers: the security event collecting layer, the correlating layer, and the managing layer. The system's functions include event collecting and generalizing, event filtering, event aggregating, event reconstructing, and the evaluation of event priority.
Finally, we show that the security event correlation system is feasible and advanced in practice.
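As an added illustration (not the thesis's own code), the following Python sketch runs four of the steps the abstract names, generalizing, filtering, aggregating and priority evaluation, over constructed firewall and IDS records; the record formats, the vulnerability-based false-alarm rule used for filtering, and the harm scores are assumptions, since the abstract does not give the thesis's own rules, and the FP-Growth reconstruction step is not shown.

```python
import re
from collections import defaultdict

# Constructed sample records (assumed formats and values, not the thesis's data).
FIREWALL = ["2009-04-28 10:00:01 DENY 10.0.0.5 -> 192.168.1.10:445",
            "2009-04-28 10:00:02 DENY 10.0.0.5 -> 192.168.1.10:445"]
IDS = ["2009-04-28 10:00:03 ALERT sig=SMB_OVERFLOW src=10.0.0.5 dst=192.168.1.10",
       "2009-04-28 10:00:04 ALERT sig=SMB_OVERFLOW src=10.0.0.5 dst=192.168.1.10",
       "2009-04-28 10:00:05 ALERT sig=IIS_UNICODE src=10.0.0.7 dst=192.168.1.10"]
VULNS = {"192.168.1.10": {"SMB_OVERFLOW"}}   # weaknesses the scanner confirmed
HARM = {"SMB_OVERFLOW": 9, "IIS_UNICODE": 6, "DENY": 2}  # assumed harm scale 0-10

FW_RE = re.compile(r"^(\S+ \S+) DENY (\S+) -> (\S+):\d+$")
IDS_RE = re.compile(r"^(\S+ \S+) ALERT sig=(\S+) src=(\S+) dst=(\S+)$")

def generalize(lines):
    """Collecting layer: map heterogeneous records onto one common event schema."""
    events = []
    for line in lines:
        if m := FW_RE.match(line):
            events.append({"time": m[1], "type": "DENY", "src": m[2], "dst": m[3]})
        elif m := IDS_RE.match(line):
            events.append({"time": m[1], "type": m[2], "src": m[3], "dst": m[4]})
    return events

def filter_events(events, vulns):
    """Filtering: drop IDS alerts whose signature targets a weakness the host
    does not have (assumed false-alarm rule); firewall denies are kept."""
    return [e for e in events
            if e["type"] == "DENY" or e["type"] in vulns.get(e["dst"], set())]

def aggregate(events):
    """Aggregating: merge repeats with the same (type, src, dst) into one event."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["type"], e["src"], e["dst"])].append(e)
    return [{"type": t, "src": s, "dst": d, "count": len(g),
             "first": g[0]["time"], "last": g[-1]["time"]}
            for (t, s, d), g in groups.items()]

def prioritize(agg, harm):
    """Priority evaluation: harm score times a capped repeat factor, high to low."""
    for a in agg:
        a["priority"] = harm.get(a["type"], 1) * min(a["count"], 5)
    return sorted(agg, key=lambda a: a["priority"], reverse=True)

def correlate(lines=FIREWALL + IDS, vulns=VULNS, harm=HARM):
    """Run the whole pipeline; returns aggregated events ordered by priority."""
    return prioritize(aggregate(filter_events(generalize(lines), vulns)), harm)
```

On the constructed input the IIS_UNICODE alert is discarded because the scanner did not report that weakness on the target, and the repeated SMB_OVERFLOW alerts collapse into one top-priority event ahead of the firewall denies.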
Keywords/Search Tags: Security Events, Correlation Model, correlation method, correlation system, Filter, Reconstruct, Evaluation of Priority