| 加权最近邻聚类在SOC中的应用 |
| |
| 引用本文: | 丛佩丽.加权最近邻聚类在SOC中的应用[J].网络安全技术与应用,2012(5):41-43. |
| |
| 作者姓名: | 丛佩丽 |
| |
| 作者单位: | 辽宁机电职业技术学院信息工程系,辽宁,118009 |
| |
| 基金项目: | 辽宁机电职业技术学院重点基金项目 |
| |
| 摘 要: | 本文对网络安全管理中心(SOC)的报警技术进行了研究,提出了一种具有权值的最近邻算法的聚类方法,对经过初步过滤、规范化后的报警信息与知识库中已有规则进行聚类,获取真正的攻击事件并完成攻击场景的重构,对报警信息进一步进行关联分析提供了有力保障。通过测试及应用表明,本文所应用的方法在可用性、灵活性、获取攻击事件的准确性以及处理效率上要优于其它方法。
|
| 关 键 词: | 聚类 最近邻 权值 SOC |
The weight value of the nearest neighbor clustering in SOC application |
| |
| Cong Peili.The weight value of the nearest neighbor clustering in SOC application[J].Net Security Technologies and Application,2012(5):41-43. |
| |
| Authors: | Cong Peili |
| |
| Affiliation: | Cong Peili Department of Information engineering,Liaoning Jidian Polytechnic,Liaoning,118009,China |
| |
| Abstract: | The alarm technology of Security Operation Center(SOC) is studied,Presents a kind of the clustering method based on the weighted of nearest neighbor clustering,after an initial filtering,normalization of alarm information and knowledge base of existing rules clustering,get real attack and attack scene reconstruction,the alarm information further correlation analysis provides a strong guarantee.The testing and application indicated that our method performed slightly better than other similar method in usability,flexibility,veracity of getting real attacks and efficiency. |
| |
| Keywords: | Aggregation K-Nearest Neighbor Weight Value SOC |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
