Research On Fusing Of Multisource Security Information Based On Events Correlated With Scenarios

Posted on: 2013-10-10
Degree: Master
Type: Thesis
Country: China
Candidate: N D Ji
GTID: 2248330377958784
Subject: Computer application technology

Abstract/Summary:
With the rapid development of network and information technology, situational awareness of network security is attracting more and more attention. Two kinds of data sources for situational awareness, multisource log information and SNMP data information, each play their respective roles. However, situational awareness systems based on a single sensor have the disadvantages of a high false positive rate and a high false negative rate. Based on the characteristics of the two kinds of data sources, a fusion model called F-ECS is proposed, built on an improved method of events correlated with scenarios. Fuzzy set theory is also introduced, and finally the correlated fusion of multisource security information is realized.

First, the importance of multisource log information and SNMP data information in the area of network situational awareness is stated. The related technologies and the research status of the area at home and abroad are also introduced.

Then, the data characteristics of multisource log information and SNMP data information are compared. Based on the characteristics of the two kinds of data sources and a comparison with some other information fusion methods, the method of events correlated with scenarios is selected and improved. From this, an algorithm of events correlated with scenarios based on fuzzy sets is put forward.

Moreover, taking the above algorithms as the theoretical basis, a fusion model of multisource security information is constructed. In addition, the information acquisition unit, fuzzy clustering unit, information preprocessing unit, knowledge base unit, information correlation unit and visual topology unit are designed and implemented.

Finally, the availability and validity of the proposed fusion model based on multisource security information are demonstrated by setting up an experimental platform and comparing the improved fusion model with the unimproved ones as well as with those based on a single sensor.
Keywords/Search Tags: network situational awareness, log, SNMP, information fusion