The Study of Network Security Event Correlation Analysis Based on Similar Degree of the Attributes
Shuying Zhang, Yue Gao, Mengqun Zhang, Jianmei Ge, Shuangli Wang
2013 Fourth International Conference on Digital Manufacturing & Automation, published 2013-06-29
DOI: https://doi.org/10.1109/ICDMA.2013.375
Citations: 10
Abstract
This paper studies the theory behind network security event correlation analysis methods and proposes a correlation analysis method based on the degree of similarity of event attributes. The paper gives a detailed description and analysis of the method, which classifies and merges network security events according to the degree of similarity of their attributes. The degree of similarity of security events is determined by the degree of similarity of their characteristic attributes. The method not only removes redundant security incidents but also compresses the number of security events. It can therefore effectively improve the efficiency of the network administrator's security incident analysis. The experimental results show that the method is suitable for analyzing and aggregating massive amounts of security event information, can effectively reduce the number of security incidents, and has a certain value.