| 基于特征融合的安全审计分析 |
| |
| 引用本文: | 黎龙,陈龙,王国胤,马永波.基于特征融合的安全审计分析[J].重庆邮电学院学报(自然科学版),2006,18(5):642-645. |
| |
| 作者姓名: | 黎龙 陈龙 王国胤 马永波 |
| |
| 作者单位: | 重庆邮电大学计算机科学与技术研究所,重庆400065 |
| |
| 基金项目: | 重庆市自然科学基金重点资助项目(2005BA2003);重庆市信息产业发展资金资助项目(200401022);重庆市优秀中青年骨干教师资助计划;重庆邮电大学青年教师基金项目(A2005-25) |
| |
| 摘 要: | 分析了传统的安全审计分析方法,发现传统方法没有利用主机日志和网络数据特征之间的联系。通过分析主机日志得到可疑安全事件,再进一步融合主机日志和网络数据的有关特征作为一个整体进行分析。比较当前安全事件与正常历史事件、异常历史事件的相似度,审计出异常可疑事件。实验证明了该方法的可行性和有效性。
|
| 关 键 词: | 安全审计 日志数据 相似度 特征融合 |
| 文章编号: | 1004-5694(2006)05-0642-04 |
| 收稿时间: | 2006-04-22 |
| 修稿时间: | 2006-06-30 |
Security audit analysis based on feature fusion |
| |
| LI Long, CHEN Long, WANG Guo-yin, MA Yong-bo.Security audit analysis based on feature fusion[J].Journal of Chongqing University of Posts and Telecommunications(Natural Sciences Edition),2006,18(5):642-645. |
| |
| Authors: | LI Long CHEN Long WANG Guo-yin MA Yong-bo |
| |
| Institution: | Institute of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, P. R. China |
| |
| Abstract: | Methods of traditional security audit analysis are introduced, but the related features of system logs and network data are not well considered in these methods. Suspicious security events are drawn through analyzing system logs. They are further investigated by fusing features of system logs and network data. Comparing the similarities of current security event with normal history event and abnormal history event respectively, abnormal suspicious event can be audited. Experiments indicated that this method is feasible. |
| |
| Keywords: | security audit log data similarity feature fusion |
| 本文献已被 CNKI 维普 等数据库收录! |
