
Research And Application Of Security Events Review Based On Drools

Posted on: 2009-01-17
Degree: Master
Type: Thesis
Country: China
Candidate: J L Xiu
Full Text: PDF
GTID: 2178360245474712
Subject: Computer application technology
Abstract/Summary:
The rule engine developed out of the inference engine of rule-based expert systems and is now used in more and more fields. Drools is a Java rule engine that uses a rule base to implement an expert system and is more accurately classified as a production rule system: pattern matching between the facts (data) and the production rules infers a conclusion and generates the corresponding action. Its advantage is the separation of logic from the application, so that the logic layer is easier to modify when requirements change.

In this paper an approach to the review of security events is proposed. Based on the Drools rule engine, the large number of alerts generated by a security detection system is compressed and the whole operation (attack) procedure is reconstructed. First, the related technologies of rule-based expert systems and the Drools rule engine are discussed. Second, the definition of security events review is given; the event-sequence approach is adopted for causality correlation analysis, and generic programming is used to classify the events. A general model and a correlation analysis model are constructed. The research focuses on the detailed design tactics for rule inference and on the solutions to several key technologies. The whole design is portable and can be used in many kinds of security detection system. Finally, the proposal is simulated in a host detection and security audit system. The results of reviewing the movable storage equipment alerts show that the compression ratio of the alert volume was above 9.898 % and the attack (operation) procedure was successfully reconstructed.
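The two kinds of rule the abstract describes (alert compression, and causality correlation over an event sequence) can be sketched as a tiny production-rule system. This is an added illustration in Python, not the thesis's Drools rules; the alert fields, the `usb_insert`/`file_copy`/`usb_remove` sequence and the 60-second merge window are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Alert:                 # one fact in working memory
    host: str
    ts: int                  # seconds
    kind: str
    device: str
    count: int = 1           # raw alerts represented by this (merged) event

# Constructed sample alerts about a movable storage device (illustration
# only, not data from the thesis).
RAW_ALERTS = [
    Alert("host-A", 100, "usb_insert", "disk-1"),
    Alert("host-A", 101, "usb_insert", "disk-1"),   # repeated report
    Alert("host-A", 102, "usb_insert", "disk-1"),
    Alert("host-A", 130, "file_copy",  "disk-1"),
    Alert("host-A", 131, "file_copy",  "disk-1"),
    Alert("host-A", 160, "usb_remove", "disk-1"),
    Alert("host-B", 200, "usb_insert", "disk-7"),   # unrelated host
]

def compress_rule(alerts, window=60):
    """Compression rule: alerts with the same (host, kind, device) inside
    `window` seconds are merged into one event that carries a count."""
    events = []
    for a in sorted(alerts, key=lambda x: x.ts):
        same = [e for e in events if (e.host, e.kind, e.device) ==
                (a.host, a.kind, a.device) and a.ts - e.ts <= window]
        if same:
            same[-1].count += 1
        else:
            events.append(Alert(a.host, a.ts, a.kind, a.device))
    return events

SEQUENCE = ("usb_insert", "file_copy", "usb_remove")   # assumed procedure

def correlate_rule(events, sequence=SEQUENCE):
    """Correlation rule: per (host, device), fire when every step of the
    sequence is present in order; the conclusion is one reviewed procedure."""
    by_key = defaultdict(list)
    for e in events:                       # events arrive time-ordered
        by_key[(e.host, e.device)].append(e)
    procedures = []
    for (host, device), evs in by_key.items():
        kinds = [e.kind for e in evs]
        if all(k in kinds for k in sequence):
            pos = [kinds.index(k) for k in sequence]
            if pos == sorted(pos):
                procedures.append((host, device, list(sequence)))
    return procedures

def review(alerts):
    """Apply both rules; also report how much the alert volume shrank."""
    events = compress_rule(alerts)
    return events, correlate_rule(events), 1 - len(events) / len(alerts)
```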
Keywords/Search Tags: security detection system, events review, security events correlation, Drools