{"title":"Multi-source Heterogeneous Data Fusion Method Considering Information Entropy in Large Data Environment","authors":"Shujuan Zhang, Zijing Wang","doi":"10.14257/IJDTA.2017.10.1.04","DOIUrl":null,"url":null,"abstract":"Massive trivial redundancy alarm information with high error alarm rate, generated by network security defense equipment, causes great difficulty in alarm analysis and understanding. In allusion to the research on this problem, an improved multi-source heterogeneous data fusion scheme is proposed in this paper to comprehensively analyze such attributes as alarm type, source IP, destination IP, destination port and time interval and summarize four rules, thus to dynamically update the time interval threshold value during the fusion process and improve the fusion accuracy. The experiment result shows that such method can efficiently reduce the quantity of the heterogeneous alarm information, and obtain accurate super-alarm data, as well as realize the ability for timely processing the alarm information.","PeriodicalId":13926,"journal":{"name":"International journal of database theory and application","volume":"70 1","pages":"37-46"},"PeriodicalIF":0.0000,"publicationDate":"2017-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of database theory and application","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14257/IJDTA.2017.10.1.04","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Network security defense equipment generates a massive volume of trivial, redundant alarm information with a high rate of erroneous alarms, which makes alarm analysis and understanding very difficult. To address this problem, this paper proposes an improved multi-source heterogeneous data fusion scheme that comprehensively analyzes attributes such as alarm type, source IP, destination IP, destination port and time interval, and summarizes four rules, so as to dynamically update the time interval threshold value during the fusion process and improve the fusion accuracy. The experimental results show that the method can efficiently reduce the quantity of heterogeneous alarm information, obtain accurate super-alarm data, and process the alarm information in a timely manner.