
Research On Fusion Technology Of Multi-source Log Secure Information

Posted on: 2011-11-24
Degree: Master
Type: Thesis
Country: China
Candidate: W Shang
GTID: 2178330332960337
Subject: Computer application technology

Abstract/Summary:
With the rapid development of computer technology and the growing scale of networks, computer networks now contain large numbers of hosts, data transmission equipment and various network security devices. While a network is running, these components produce many different types of log information, which are correlated with each other and include intrusion information. Traditional network security situational assessment methods usually analyze the logs of different data sources separately, without taking the connections among logs or the network performance status into account; as a result, those methods cannot reflect the network security status and its trends. This paper presents a fusion model based on multi-source log security information. The model compensates for the shortcoming of traditional assessment methods, which evaluate the network security status using single-source log security information.

First, this paper discusses the current state of network security and presents the goal and significance of the subject. The complementarity of multi-source logs is described qualitatively. At the same time, by normalizing the original log information, the paper obtains alarm logs that can be applied directly in correlated fusion.

Second, on the basis of a comprehensive study and analysis of the classical models of multi-source information fusion, this paper proposes a multi-source log security information processing system model that combines multi-source, heterogeneous log security information and realizes the acquisition, preprocessing, correlation and integration of alarm logs. In the alarm fusion module, Dempster-Shafer evidence theory is used to fuse dynamic alarm logs from heterogeneous sensors. In the basic probability assignment function of D-S theory, an adaptive mechanism is introduced to adapt to dynamic networks.

Finally, experiments verify that the multi-source log security information processing system model can significantly reduce the number of alarms and also solves the false positive and false negative problems that occur frequently in single security devices.
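As an added illustration of the alarm fusion step described above (example code written for this page, not the thesis's own implementation or data), the following Python applies Dempster's rule of combination to normalized alert evidence from two hypothetical sensors over the frame of discernment {attack, normal}. The sensor names, the mass values, the 0.7 decision threshold and the use of Shafer discounting as the reliability adjustment are all assumptions for illustration; the thesis's own adaptive basic probability assignment mechanism is not described on this page. The point the code shows is how N raw alerts about one target collapse into one fused belief, and how the conflict term K exposes sensors that disagree.

```python
from itertools import product

# Added example: Dempster's rule of combination over alert evidence from
# heterogeneous sensors. Sensor names, mass values, threshold and the
# discounting step are constructed for illustration, not taken from the thesis.

ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
THETA = ATTACK | NORMAL   # frame of discernment: the two hypotheses are exhaustive


def discount(mass, alpha):
    """Shafer discounting (assumed here as the reliability adjustment): a source
    with reliability alpha in [0, 1] keeps alpha of its committed belief; the
    remainder is moved to THETA, i.e. to total ignorance."""
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("reliability must lie in [0, 1]")
    out = {s: alpha * m for s, m in mass.items() if s != THETA}
    out[THETA] = 1.0 - alpha + alpha * mass.get(THETA, 0.0)
    return out


def combine(m1, m2):
    """Dempster's rule: m(A) = sum_{B & C == A} m1(B) m2(C) / (1 - K), where
    K is the mass of contradictory pairs (B & C empty). Returns (mass, K)."""
    joint = {}
    conflict = 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        focal = b & c
        if focal:
            joint[focal] = joint.get(focal, 0.0) + mb * mc
        else:
            conflict += mb * mc
    if conflict > 1.0 - 1e-12:
        # The sources contradict each other completely; the rule is undefined.
        raise ValueError("total conflict between sources")
    return {a: v / (1.0 - conflict) for a, v in joint.items()}, conflict


def belief(mass, hypothesis):
    """Bel(H): mass of every focal element contained in H."""
    return sum(m for s, m in mass.items() if s <= hypothesis)


def plausibility(mass, hypothesis):
    """Pl(H): mass of every focal element that does not rule H out."""
    return sum(m for s, m in mass.items() if s & hypothesis)


def fuse_alerts(alerts, reliability=None, threshold=0.7):
    """Fuse one time window's normalized alerts about the same target.
    alerts: list of (sensor, mass function); reliability: sensor -> alpha.
    Returns a single decision record in place of the N raw alerts."""
    if not alerts:
        raise ValueError("no alerts to fuse")
    reliability = reliability or {}
    fused = None
    max_conflict = 0.0
    for sensor, mass in alerts:
        mass = discount(mass, reliability.get(sensor, 1.0))
        if fused is None:
            fused = mass
            continue
        fused, k = combine(fused, mass)
        max_conflict = max(max_conflict, k)   # high K means the sensors disagree
    bel = belief(fused, ATTACK)
    return {
        "belief_attack": bel,
        "plausibility_attack": plausibility(fused, ATTACK),
        "max_pairwise_conflict": max_conflict,
        "verdict": "attack" if bel >= threshold else "uncertain",
        "raw_alerts_replaced": len(alerts),
    }


# Constructed sample: two sensors report on the same host in one window.
# Each mass function sums to 1; the mass on THETA is the sensor's own uncertainty.
SAMPLE_ALERTS = [
    ("ids",      {ATTACK: 0.6, NORMAL: 0.1, THETA: 0.3}),
    ("firewall", {ATTACK: 0.5, NORMAL: 0.2, THETA: 0.3}),
]

if __name__ == "__main__":
    print(fuse_alerts(SAMPLE_ALERTS))
```

For the constructed sample the two sources agree, so K = 0.17 and the fused belief in "attack" (about 0.76) exceeds what either sensor committed on its own; the two raw alerts become one decision. Lowering a sensor's reliability with `discount` shifts its mass toward THETA, so a noisy source still contributes but can no longer dominate the fused verdict, which is the sort of adjustment a dynamic-network BPA would need to make.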
Keywords/Search Tags: Network security, Log, Alert correlation, Data fusion, Dempster-Shafer evidence theory