Data Mining And Integration Technology In The Security Event Management

Posted on: 2008-07-06
Degree: Master
Type: Thesis
Country: China
Candidate: T Feng
GTID: 2208360218450149
Subject: Computer software and theory
Abstract/Summary:
Network security problems continue to emerge, and a wide range of security products has been deployed in response, such as intrusion detection systems, firewalls, security scanning and anti-virus software. Each protects the network system from a different aspect of security, and each plays an important role in network security. At the same time, the security products deployed in a network produce a massive number of security incidents every day. How can valuable information be extracted from this multitude of security incidents? This paper proposes a solution based on data mining and information amalgamation technology.

First, the paper introduces the current state of domestic and overseas research on the management of security incidents. It then puts forward the data mining and information amalgamation technologies, and gives a detailed description and specific algorithms for applying those technologies to security event log data. These technologies include: association rules, statistics, forecast and analysis. Association rules can find correlations between fields. Statistical techniques from data mining can produce exact and plain statistical reports from chaotic and massive data. Predictive analysis techniques can predict coming incidents.

Next, the paper presents a detailed model based on data mining and amalgamation technologies. This security incident framework mainly includes the following parts: data collection, processing and storage, data analysis and data mining, visualization of the processing results.

Finally, based on the model described above, the paper presents the prospects and practical value of data mining and information amalgamation technology in information security incident management.
Keywords/Search Tags: Data mining, Association rules, Information amalgamation, Security event, Statistic, Forecast, Agent, Format unify, Regular expression