Computer Engineering and Applications, 2009, Vol. 45, Issue (31): 106-108. DOI: 10.3778/j.issn.1002-8331.2009.31.031

• Network, Communication and Security •

Study of alert correlation analysis technique based on anonymization

LIAO Chuan-pu¹, LIAN Yi-feng²

  1. College of Computing & Communication Engineering, Graduate University of the CAS, Beijing 100049, China
  2. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2008-06-24 Revised: 2008-10-16 Online: 2009-11-01 Published: 2009-11-01
  • Contact: LIAO Chuan-pu

Abstract: Data generated by security systems may include sensitive information that data owners do not want to disclose or share with others. Therefore, to preserve both the privacy and the usability of alert data, alerts containing private information must be effectively anonymized before they are shared and correlated. This paper uses concept hierarchies to anonymize the original alerts that contain private information, and on that basis applies a modified probabilistic-similarity-based correlation approach to the anonymized alerts. Experimental results show that the correlation approach adopted for anonymized alerts is effective.

Key words: alert correlation, concept hierarchy, anonymized alert, similarity
