Computer Science ›› 2016, Vol. 43 ›› Issue (Z6): 332-334. doi: 10.11896/j.issn.1002-137X.2016.6A.079

• Information Security •

A Method for Deduplicating Alert Logs Based on Attribute Hashing

胡倩,罗军勇,尹美娟,曲小美   

  1. School of Cyberspace Security, Information Engineering University, Zhengzhou 450002
  • Online: 2018-11-14 Published: 2018-11-14

Method of Duplicate Removal on Alert Logs Based on Attributes Hashing

HU Qian, LUO Jun-yong, YIN Mei-juan and QU Xiao-mei   


Abstract: Alert logs produced by network security protection devices contain large numbers of duplicate alerts, which hinders real-time analysis of the network threat situation. To deduplicate alert logs accurately and in real time, this paper proposes a method based on attribute hashing. The method uses attribute hashes to detect duplicate alerts quickly and, at the same time, uses a hash table to solve the problem of storing the large volume of non-duplicate alert logs. Experiments on alert logs built from the DARPA data set show that the method keeps time complexity low while achieving a deduplication accuracy above 95%.

Keywords: alert log, duplicate alert, attribute hashing

Abstract: Alert logs generated by network security equipment contain a large number of repeated alerts, which impairs real-time network threat situational analysis. To solve the problem of accurate, real-time de-duplication of alert logs, we propose a method of duplicate removal on alert logs based on attribute hashing. The method uses attribute hashes for quick detection of duplicate alerts and, at the same time, uses a hash table to solve the storage problem for the large number of non-repeating alerts. Experimental results on alert logs built from the DARPA data set show that the method ensures low time complexity while the de-duplication accuracy rate can reach 95%.
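The following Python sketch is an added illustration of the scheme the abstract describes, not code from the paper: only the identity-bearing attributes of each alert are hashed, the hash table detects repeats in one pass, and the first occurrence plus a repeat count is all that is stored. The key=value record format, the chosen attribute set, SHA-256 as the hash and the sample alerts are all assumptions made here.

```python
import hashlib
import shlex

# Constructed sample alerts (key=value records); not drawn from the paper's DARPA-based data set.
SAMPLE_ALERTS = [
    'ts=2000-04-07T10:01:02 id=1 sensor=ids-1 sig="ICMP PING" src=10.0.0.5 dst=172.16.112.50 dport=0',
    'ts=2000-04-07T10:01:02 id=2 sensor=ids-1 sig="ICMP PING" src=10.0.0.5 dst=172.16.112.50 dport=0',
    'ts=2000-04-07T10:01:03 id=3 sensor=ids-1 sig="ICMP PING" src=10.0.0.5 dst=172.16.112.50 dport=0',
    'ts=2000-04-07T10:02:10 id=4 sensor=ids-1 sig="TELNET login" src=10.0.0.5 dst=172.16.112.50 dport=23',
    'ts=2000-04-07T10:02:11 id=5 sensor=ids-2 sig="telnet login" src=10.0.0.5 dst=172.16.112.50 dport=23',
    'ts=2000-04-07T10:02:11 id=6 sensor=ids-1 sig="TELNET login" src=10.0.0.5 dst=172.16.112.50 dport=23',
]

# Attributes that identify a repeated alert (assumed set); volatile fields such as ts and id are excluded.
DEDUP_ATTRIBUTES = ("sensor", "sig", "src", "dst", "dport")


def parse_alert(line: str) -> dict:
    """Split one key=value record into a dict; shlex keeps quoted values intact."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))


def attribute_hash(alert: dict) -> str:
    """Fixed-length fingerprint over the normalised identifying attributes only."""
    fields = (alert.get(a, "").strip().lower() for a in DEDUP_ATTRIBUTES)
    # A separator that cannot appear in the values keeps "ab"+"c" and "a"+"bc" distinct.
    return hashlib.sha256("\x1f".join(fields).encode("utf-8")).hexdigest()


def deduplicate(lines):
    """One pass over the stream; each alert costs one expected O(1) hash-table lookup."""
    table = {}   # attribute hash -> {"alert": first occurrence, "count": times seen}
    unique = []
    for line in lines:
        alert = parse_alert(line)
        h = attribute_hash(alert)
        if h in table:
            table[h]["count"] += 1   # duplicate: count it, do not store it again
            continue
        table[h] = {"alert": alert, "count": 1}
        unique.append(alert)
    return unique, table


if __name__ == "__main__":
    kept, table = deduplicate(SAMPLE_ALERTS)
    for a in kept:
        n = table[attribute_hash(a)]["count"]
        print(f'{n}x {a["sensor"]} {a["sig"]} {a["src"]}->{a["dst"]}:{a["dport"]}')
```

Alerts 4 and 5 differ only in sensor and signature case; the case is normalised away but the sensor is part of the key, so they are kept as two distinct alerts.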

Key words: Alert log, Repeat alert, Property hash

