
Research And Application Of Event Correlation Model In Network Security Equipment Linkage System

Posted on: 2015-05-25
Degree: Master
Type: Thesis
Country: China
Candidate: L P Cao
GTID: 2298330434459659
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, network security has become a major problem. Security devices operating in isolation can no longer meet the needs of network security; they urgently need to be coordinated effectively to deal with increasingly complex network problems. How to link various security devices together and automatically predict dangers in the network has become one of the focal problems in current network information security research.

Considering the characteristics of the security events produced by the various security devices in a network security equipment linkage system, and targeting the deficiencies of the incremental association rule algorithm FUP, this paper introduces the idea of a matrix to improve the FUP algorithm, and verifies the superiority of the improved algorithm in time complexity and space complexity through theoretical analysis and simulation experiments. On this basis, this paper designs a hierarchical event correlation model. The model first collects event information from agents and formats it into a unified event form; it then eliminates redundant duplicate data with filtering rules and aggregation rules and stores the processed security events in an event database; it mines the security events with the improved FUP algorithm to find the association rules hidden in the data and notifies the administrator, so that preventive measures can be taken in time to prevent possible dangerous events; the administrator can also query specific security events, the current network status, etc. Finally, the model is applied to a network security equipment linkage system, using firewall logs and user logs as the data sources. Following the data processing flow of the model, it realizes the prediction of abnormal behavior and attack behavior, verifies the effectiveness of the model, and further improves the overall performance of the system.
Keywords/Search Tags: linkage system, event correlation model, FUP algorithm, correlation rule, security event