An Alert Fusion Method Based on Grey Relation and Attribute Similarity Correlation
DOI:
https://doi.org/10.3991/ijoe.v12i08.5958Keywords:
Grey correlation analysis, Attribute similarity, Aggregation, Hyper alertsAbstract
Various security devices which produce a large volume of logs and alerts have been used widely. It is such a troublesome and time-consuming task for network managers to analyze and deal with the information. This paper presented an improved alerts aggregation method based on grey correlation and attribute similarity method. We used grey correlation to ascertain the importance of alert attributes in network security, and considered it as the weight of attributes. Then we combined with the attribute similarity method and calculated the overall feature similarity in order to complete alert aggregation. Experiments results showed that this method had a strict mathematical theory basis and a higher practical value, which can effectively reduce raw alerts and reduce redundancy for alert data fusion.
Downloads
Published
How to Cite
Issue
Section
License
The submitting author warrants that the submission is original and that she/he is the author of the submission together with the named co-authors; to the extend the submission incorporates text passages, figures, data or other material from the work of others, the submitting author has obtained any necessary permission.
Articles in this journal are published under the Creative Commons Attribution Licence (CC-BY What does this mean?). This is to get more legal certainty about what readers can do with published articles, and thus a wider dissemination and archiving, which in turn makes publishing with this journal more valuable for you, the authors.
By submitting an article the author grants to this journal the non-exclusive right to publish it. The author retains the copyright and the publishing rights for his article without any restrictions.