An Alert Fusion Method Based on Grey Relation and Attribute Similarity Correlation
DOI:
https://doi.org/10.3991/ijoe.v12i08.5958Keywords:
Grey correlation analysis, Attribute similarity, Aggregation, Hyper alertsAbstract
Various security devices which produce a large volume of logs and alerts have been used widely. It is such a troublesome and time-consuming task for network managers to analyze and deal with the information. This paper presented an improved alerts aggregation method based on grey correlation and attribute similarity method. We used grey correlation to ascertain the importance of alert attributes in network security, and considered it as the weight of attributes. Then we combined with the attribute similarity method and calculated the overall feature similarity in order to complete alert aggregation. Experiments results showed that this method had a strict mathematical theory basis and a higher practical value, which can effectively reduce raw alerts and reduce redundancy for alert data fusion.
Downloads
Published
2016-08-30
How to Cite
Liang, W., Chen, Z., Wen, Y., & Xiao, W. (2016). An Alert Fusion Method Based on Grey Relation and Attribute Similarity Correlation. International Journal of Online and Biomedical Engineering (iJOE), 12(08), pp. 25–30. https://doi.org/10.3991/ijoe.v12i08.5958
Issue
Section
Papers
