An Alert Fusion Method Based on Grey Relation and Attribute Similarity Correlation

Wei Liang, Zuo Chen, Ya Wen, Weidong Xiao

Abstract


Various security devices which produce a large volume of logs and alerts have been used widely. It is such a troublesome and time-consuming task for network managers to analyze and deal with the information. This paper presented an improved alerts aggregation method based on grey correlation and attribute similarity method. We used grey correlation to ascertain the importance of alert attributes in network security, and considered it as the weight of attributes. Then we combined with the attribute similarity method and calculated the overall feature similarity in order to complete alert aggregation. Experiments results showed that this method had a strict mathematical theory basis and a higher practical value, which can effectively reduce raw alerts and reduce redundancy for alert data fusion.

Keywords


Grey correlation analysis; Attribute similarity; Aggregation; Hyper alerts

Full Text:

PDF



International Journal of Online and Biomedical Engineering (iJOE) – eISSN: 2626-8493
Creative Commons License
Indexing:
Scopus logo Clarivate Analyatics ESCI logo IET Inspec logo DOAJ logo DBLP logo EBSCO logo Ulrich's logo Google Scholar logo MAS logo