Cargando…
An Efficient Alert Aggregation Method Based on Conditional Rough Entropy and Knowledge Granularity
With the emergence of network security issues, various security devices that generate a large number of logs and alerts are widely used. This paper proposes an alert aggregation scheme that is based on conditional rough entropy and knowledge granularity to solve the problem of repetitive and redunda...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7516779/ https://www.ncbi.nlm.nih.gov/pubmed/33286098 http://dx.doi.org/10.3390/e22030324 |
| _version_ | 1783587080179286016 |
|---|---|
| author | Sun, Jiaxuan Gu, Lize Chen, Kaiyuan |
| author_facet | Sun, Jiaxuan Gu, Lize Chen, Kaiyuan |
| author_sort | Sun, Jiaxuan |
| collection | PubMed |
| description | With the emergence of network security issues, various security devices that generate a large number of logs and alerts are widely used. This paper proposes an alert aggregation scheme that is based on conditional rough entropy and knowledge granularity to solve the problem of repetitive and redundant alert information in network security devices. Firstly, we use conditional rough entropy and knowledge granularity to determine the attribute weights. This method can determine the different important attributes and their weights for different types of attacks. We can calculate the similarity value of two alerts by weighting based on the results of attribute weighting. Subsequently, the sliding time window method is used to aggregate the alerts whose similarity value is larger than a threshold, which is set to reduce the redundant alerts. Finally, the proposed scheme is applied to the CIC-IDS 2018 dataset and the DARPA 98 dataset. The experimental results show that this method can effectively reduce the redundant alerts and improve the efficiency of data processing, thus providing accurate and concise data for the next stage of alert fusion and analysis. |
| format | Online Article Text |
| id | pubmed-7516779 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-75167792020-11-09 An Efficient Alert Aggregation Method Based on Conditional Rough Entropy and Knowledge Granularity Sun, Jiaxuan Gu, Lize Chen, Kaiyuan Entropy (Basel) Article With the emergence of network security issues, various security devices that generate a large number of logs and alerts are widely used. This paper proposes an alert aggregation scheme that is based on conditional rough entropy and knowledge granularity to solve the problem of repetitive and redundant alert information in network security devices. Firstly, we use conditional rough entropy and knowledge granularity to determine the attribute weights. This method can determine the different important attributes and their weights for different types of attacks. We can calculate the similarity value of two alerts by weighting based on the results of attribute weighting. Subsequently, the sliding time window method is used to aggregate the alerts whose similarity value is larger than a threshold, which is set to reduce the redundant alerts. Finally, the proposed scheme is applied to the CIC-IDS 2018 dataset and the DARPA 98 dataset. The experimental results show that this method can effectively reduce the redundant alerts and improve the efficiency of data processing, thus providing accurate and concise data for the next stage of alert fusion and analysis. MDPI 2020-03-12 /pmc/articles/PMC7516779/ /pubmed/33286098 http://dx.doi.org/10.3390/e22030324 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Sun, Jiaxuan Gu, Lize Chen, Kaiyuan An Efficient Alert Aggregation Method Based on Conditional Rough Entropy and Knowledge Granularity |
| title | An Efficient Alert Aggregation Method Based on Conditional Rough Entropy and Knowledge Granularity |
| title_full | An Efficient Alert Aggregation Method Based on Conditional Rough Entropy and Knowledge Granularity |
| title_fullStr | An Efficient Alert Aggregation Method Based on Conditional Rough Entropy and Knowledge Granularity |
| title_full_unstemmed | An Efficient Alert Aggregation Method Based on Conditional Rough Entropy and Knowledge Granularity |
| title_short | An Efficient Alert Aggregation Method Based on Conditional Rough Entropy and Knowledge Granularity |
| title_sort | efficient alert aggregation method based on conditional rough entropy and knowledge granularity |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7516779/ https://www.ncbi.nlm.nih.gov/pubmed/33286098 http://dx.doi.org/10.3390/e22030324 |
| work_keys_str_mv | AT sunjiaxuan anefficientalertaggregationmethodbasedonconditionalroughentropyandknowledgegranularity AT gulize anefficientalertaggregationmethodbasedonconditionalroughentropyandknowledgegranularity AT chenkaiyuan anefficientalertaggregationmethodbasedonconditionalroughentropyandknowledgegranularity AT sunjiaxuan efficientalertaggregationmethodbasedonconditionalroughentropyandknowledgegranularity AT gulize efficientalertaggregationmethodbasedonconditionalroughentropyandknowledgegranularity AT chenkaiyuan efficientalertaggregationmethodbasedonconditionalroughentropyandknowledgegranularity |