
Analysis And Implementation On Inference-engine-based Approach To Network Security Event Correlation

Posted on: 2011-04-02
Degree: Master
Type: Thesis
Country: China
Candidate: K D Ceng
Full Text: PDF
GTID: 2178330338989874
Subject: Computer Science and Technology
Abstract/Summary:
Network intrusion detection systems (NIDS) are widely deployed, but the alarms they produce are voluminous and carry high false-positive and false-negative rates; in network security management this is usually addressed by alarm correlation. Conventional correlation methods, however, are too inefficient to cope with alarms at this volume. This thesis therefore proposes an approach to network security event correlation based on an inference engine, using an efficient matching algorithm to raise throughput. Comparative experiments show that the approach not only reduces the false-positive and false-negative rates and produces more accurate alarms, but also shortens system response time, giving network administrators more timely and credible information. Building on an in-depth analysis of IDS techniques, alarm correlation, and AI knowledge representation methods, the thesis studies inference-engine-based correlation of network security events. Its main contributions are summarized as follows:

1. A unified knowledge representation for network security data, which arrives in many complex and varied forms.
2. Because conventional correlation methods cannot handle large volumes of network security events, an inference-engine-based correlation approach that processes events in real time.
3. To keep the Drools inference-engine rule base consistent, the design and implementation of an automatic rule converter based on the OSSIM rule base; in principle, any well-formed XML rule can be converted into a form the Drools inference engine accepts.
4. A method, argued theoretically, for improving the performance of the Drools inference engine.
5. Implementation of the above in YH-SOC, a system for analysing and forecasting the network security situation, with correctness verified by comparative experiments.
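The pipeline the abstract describes, as an added example that is not the thesis's YH-SOC code: raw alerts from two sources are normalised into one unified event form (contribution 1), a simplified OSSIM-style XML directive is converted into the engine's own rule chain (contribution 3), and a small forward-chaining matcher correlates the stream into a single higher-confidence alarm (contribution 2). The directive layout and attribute names, the plugin numbering, both raw log formats, the sample alerts and the 60-second windows are constructed assumptions, and the matcher is a stand-in for Drools rather than its API.

```python
# Added example (not YH-SOC / thesis code). XML layout, plugin numbering and raw formats are constructed.
import shlex
import xml.etree.ElementTree as ET
from collections import namedtuple
from dataclasses import dataclass

# Constructed, simplified OSSIM-style directive: level 1 = three failed-login alerts within 60 s,
# level 2 = one login success within 60 s of completing level 1 (attribute set is assumed).
DIRECTIVE_XML = """
<directive id="500001" name="Brute force followed by successful login" priority="4">
  <rule type="detector" name="failed ssh logins" plugin_id="4003" plugin_sid="5" occurrence="3" time_out="60">
    <rules>
      <rule type="detector" name="ssh login success" plugin_id="4003" plugin_sid="7" occurrence="1" time_out="60"/>
    </rules>
  </rule>
</directive>"""

@dataclass(frozen=True)
class Event:
    """Unified event form: each source is mapped onto these fields before correlation."""
    ts: int            # epoch seconds
    src: str
    dst: str
    plugin_id: str     # sensor/plugin identifier (constructed numbering)
    plugin_sid: str    # event type within that plugin
    msg: str

# Engine-native rule form the XML is converted into: one Rule per chain level.
# occurrence = hits needed at the level, time_out = seconds allowed once armed, next = following level or None.
Rule = namedtuple("Rule", "name plugin_id plugin_sid occurrence time_out next")
Directive = namedtuple("Directive", "name priority first")

def convert_directive(xml_text):
    """Rule conversion: XML directive -> rule chain, one level per nested <rule> element."""
    root = ET.fromstring(xml_text.strip())
    def build(el):
        nxt = el.find("rules/rule")
        return Rule(el.get("name", ""), el.get("plugin_id", ""), el.get("plugin_sid", ""),
                    int(el.get("occurrence", "1")), int(el.get("time_out", "0")),
                    build(nxt) if nxt is not None else None)
    return Directive(root.get("name", ""), int(root.get("priority", "1")), build(root.find("rule")))

def normalize(raw):
    """Adapters for two constructed raw formats; a real deployment adds one per source."""
    if "|" in raw:     # NIDS export: ts|src|dst|plugin_id|plugin_sid|msg
        ts, src, dst, pid, sid, msg = raw.split("|", 5)
        return Event(int(ts), src, dst, pid, sid, msg)
    kv = dict(tok.split("=", 1) for tok in shlex.split(raw))   # host log: key=value pairs
    return Event(int(kv["ts"]), kv["src"], kv["dst"], kv["plugin"], kv["sid"], kv.get("msg", ""))

class CorrelationEngine:
    """Forward-chaining matcher; working memory is keyed by (directive, src, dst)."""
    def __init__(self, directives):
        self.directives = directives
        self.state = {}    # key -> (current rule, hits at this level, deadline or None)

    def feed(self, ev):
        """Assert one event; return a correlated alarm when a directive's last level fires."""
        for d in self.directives:
            key = (d.name, ev.src, ev.dst)
            rule, count, deadline = self.state.get(key, (d.first, 0, None))
            if deadline is not None and ev.ts > deadline:
                rule, count, deadline = d.first, 0, None     # window expired: restart the chain
                self.state.pop(key, None)
            if (ev.plugin_id, ev.plugin_sid) != (rule.plugin_id, rule.plugin_sid):
                continue
            count += 1
            if deadline is None:
                deadline = ev.ts + rule.time_out              # first hit at a level arms its window
            if count >= rule.occurrence:
                if rule.next is None:
                    self.state.pop(key, None)
                    return {"directive": d.name, "priority": d.priority,
                            "src": ev.src, "dst": ev.dst, "ts": ev.ts}
                rule, count, deadline = rule.next, 0, ev.ts + rule.next.time_out
            self.state[key] = (rule, count, deadline)
        return None

def correlate(raw_lines, directives):
    """Feed raw lines in arrival order; only correlated alarms come out, raw alerts are absorbed."""
    engine = CorrelationEngine(directives)
    return [a for a in (engine.feed(normalize(line)) for line in raw_lines) if a is not None]

# Constructed sample input: only the first source host should trigger an alarm.
SAMPLE_LINES = [
    "100|10.0.0.5|10.0.0.9|4003|5|sshd: Failed password",
    "110|10.0.0.5|10.0.0.9|4003|5|sshd: Failed password",
    "120|10.0.0.5|10.0.0.9|4003|5|sshd: Failed password",
    'ts=130 src=10.0.0.5 dst=10.0.0.9 plugin=4003 sid=7 msg="Accepted password"',
    "200|10.0.0.6|10.0.0.9|4003|5|sshd: Failed password",   # only two failures: no alarm
    "210|10.0.0.6|10.0.0.9|4003|5|sshd: Failed password",
    'ts=220 src=10.0.0.6 dst=10.0.0.9 plugin=4003 sid=7 msg="Accepted password"',
    "300|10.0.0.7|10.0.0.9|4003|5|sshd: Failed password",   # success after the window: no alarm
    "310|10.0.0.7|10.0.0.9|4003|5|sshd: Failed password",
    "320|10.0.0.7|10.0.0.9|4003|5|sshd: Failed password",
    'ts=400 src=10.0.0.7 dst=10.0.0.9 plugin=4003 sid=7 msg="Accepted password"',
]

if __name__ == "__main__":
    for alarm in correlate(SAMPLE_LINES, [convert_directive(DIRECTIVE_XML)]):
        print(alarm)
```

Eleven raw alerts go in and one correlated alarm comes out, which is the volume reduction the abstract is after; the two decoy hosts show the checks a practitioner cares about (too few occurrences, and a window that has expired). Each event is compared only against the current level of each directive's chain for its (src, dst) key rather than against every rule in the base; avoiding that full scan is the same cost a Rete-based engine such as Drools is built to remove, and contribution 4's performance argument is not demonstrated here.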
Keywords/Search Tags: Network Security Detection, NIDS, correlation, Inference Engine, knowledge representation, automatic rule conversion