
Study And Implementation Of Collaborative Alert Analysis Techniques For Network Security

Posted on: 2009-08-12
Degree: Master
Type: Thesis
Country: China
Candidate: H Xu
Full Text: PDF
GTID: 2178360245958258
Subject: Computer application technology
Abstract/Summary:
In the field of network security, the conflict between network attackers and users goes on and on. Meanwhile, the great variety of tools and the mass of information place high demands on network security managers, especially in the face of the current trend toward comprehensive attacks, which traditional single-point security management modes fail to deal with. With the increasing demand of network users for intelligent security management, a new integrated solution for network security management, in other words unified network security management, has become a trend.

A unified network security management system is expected to realize centralized monitoring, uniform policy management, intelligent auditing and interaction among the various security function modules. In this way it simplifies the task of network security management, improves the security level, controllability and manageability of the network, and reduces the user's overall spending on security management. Against this background, two techniques, namely collaboration and correlation, are being adopted by more and more researchers and engineers.

At the same time, the Intrusion Detection System (IDS) has evolved into an important tool for network security monitoring, and a remarkable development trend of unified network security management is the adoption of an IDS-centric correlation approach. But the detection mechanisms of traditional IDSs have weaknesses, including too fine a granularity, isolated alarming and a lack of environmental awareness. As a matter of fact, research on post-IDS analysis has become a focus, aiming at collaboration and correlation. From this point of view, collaborative alert analysis can generally be divided into three stages: alert aggregation, alert evaluation and alert correlation. However, the main remaining problem is how to guarantee integrated collection and unified representation of context information for security alerts. The fact is that a practical and efficient approach is still lacking, which hinders the realization of unified network security management.

This paper discusses issues related to collaborative alert analysis techniques for network security. Its aim is to introduce XML-based integrated network management techniques for the implementation of alert analysis, in order to promote the interaction of collaboration and correlation, and, using a security ontology expressed in OWL+SWRL based on the CIM Schema for the unified representation of information and knowledge, to propose a promising approach to collaborative alert analysis based on integrated network management as an important stage toward realizing unified network security management. Finally, the main implementation issues are also covered, and experimental results show that the proposed approach is effective in reducing the rate of false positives and optimizing the building of attack scenarios.
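As an added illustration of the three stages named in the abstract (alert aggregation, alert evaluation and alert correlation), here is a small Python pipeline; it is not code from the thesis. The alert fields, the asset inventory used as environmental context, the prerequisite table and all sample alerts are constructed assumptions, chosen so that a context-free alert against a host that does not run the targeted service is demoted as a false positive while the remaining alerts chain into one attack scenario.

```python
"""Three-stage collaborative alert analysis over constructed IDS alerts.

Added illustration of aggregation -> evaluation -> correlation; not code
from the thesis. Alert fields, asset inventory and prerequisite table are
assumptions made for this example.
"""
from dataclasses import dataclass


@dataclass
class Alert:
    ts: int      # timestamp in seconds (constructed)
    sig: str     # signature name (constructed label)
    src: str
    dst: str
    dport: int   # 0 means "not port-specific"


@dataclass
class MetaAlert:
    sig: str
    src: str
    dst: str
    dport: int
    first: int
    last: int
    count: int = 1
    score: float = 0.0


# Constructed sample alerts, not real traffic.
ALERTS = [
    Alert(100, "PORT_SCAN", "10.0.0.5", "10.0.0.20", 0),
    Alert(101, "PORT_SCAN", "10.0.0.5", "10.0.0.20", 0),
    Alert(103, "PORT_SCAN", "10.0.0.5", "10.0.0.20", 0),
    Alert(140, "WEB_SQLI", "10.0.0.5", "10.0.0.20", 80),
    Alert(141, "WEB_SQLI", "10.0.0.5", "10.0.0.20", 80),
    Alert(200, "WEB_SQLI", "10.0.0.7", "10.0.0.21", 80),  # target has no web service
    Alert(260, "DB_DUMP_EGRESS", "10.0.0.20", "10.0.0.5", 4444),
]

# Assumed asset context: exposed services and criticality per managed host.
ASSETS = {
    "10.0.0.20": {"services": {80, 3306}, "criticality": 3},
    "10.0.0.21": {"services": {22}, "criticality": 1},
}

# Assumed prerequisite knowledge: which earlier alert a later one builds on.
PREREQ = {
    "WEB_SQLI": {"PORT_SCAN"},
    "DB_DUMP_EGRESS": {"WEB_SQLI"},
}


def aggregate(alerts, window=60):
    """Stage 1: merge alerts with equal (sig, src, dst, dport) within `window` seconds."""
    metas = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for m in metas:
            same_key = (m.sig, m.src, m.dst, m.dport) == (a.sig, a.src, a.dst, a.dport)
            if same_key and a.ts - m.last <= window:
                m.last = a.ts
                m.count += 1
                break
        else:
            metas.append(MetaAlert(a.sig, a.src, a.dst, a.dport, a.ts, a.ts))
    return metas


def evaluate(metas, assets):
    """Stage 2: score each meta-alert using environmental context."""
    for m in metas:
        dst = assets.get(m.dst)
        # A port-specific alert against a known host that does not expose that
        # port is most likely a false positive, so its relevance is demoted.
        if dst is not None and m.dport and m.dport not in dst["services"]:
            relevance = 0.1
        else:
            relevance = 1.0
        crit = max(assets.get(h, {}).get("criticality", 1) for h in (m.src, m.dst))
        m.score = relevance * crit
    return metas


def correlate(metas, prereq, threshold=0.5):
    """Stage 3: chain surviving meta-alerts into scenarios via prerequisites."""
    kept = sorted((m for m in metas if m.score >= threshold), key=lambda m: m.first)
    scenarios = []
    for m in kept:
        hosts = {m.src, m.dst}
        needed = prereq.get(m.sig, set())
        for sc in scenarios:
            last = sc[-1]
            if last.sig in needed and {last.src, last.dst} & hosts and last.last <= m.first:
                sc.append(m)
                break
        else:
            scenarios.append([m])
    return scenarios


def analyze(alerts, assets=ASSETS, prereq=PREREQ):
    """Run all three stages and return each scenario as a list of signature names."""
    metas = evaluate(aggregate(alerts), assets)
    return [[m.sig for m in sc] for sc in correlate(metas, prereq)]


if __name__ == "__main__":
    for sc in analyze(ALERTS):
        print(" -> ".join(sc))
```

On the sample data the seven raw alerts collapse to four meta-alerts, the SQL injection alert against the host without a web service is scored below the threshold, and the remaining three are linked into a single scan, injection, data egress scenario. In a real deployment the asset inventory and prerequisite table would be populated from the management system rather than hard-coded.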
Keywords/Search Tags:Unified network security management, collaborative alert analysis, integrated network management, XML, security ontology, CIM Schema, OWL, SWRL