| 一种基于属性哈希的告警日志去重方法 |
| |
| 引用本文: | 胡倩,罗军勇,尹美娟,曲小美.一种基于属性哈希的告警日志去重方法[J].计算机科学,2016,43(Z6):332-334, 360. |
| |
| 作者姓名: | 胡倩 罗军勇 尹美娟 曲小美 |
| |
| 作者单位: | 信息工程大学网络安全空间学院 郑州450002,信息工程大学网络安全空间学院 郑州450002,信息工程大学网络安全空间学院 郑州450002,信息工程大学网络安全空间学院 郑州450002 |
| |
| 摘 要: | 网络安全防护设备产生的告警日志中存在大量重复告警,影响实时的网络威胁态势分析。为解决告警日志的实时准确去重问题,提出了一种基于属性哈希的告警日志去重方法。该方法采用属性哈希实现重复告警的快速检测,并采用哈希表同时解决了大量非重复告警日志的存储问题。在基于Darpa数据集构建的告警日志上进行了实验,结果表明该方法在保证较低时间复杂度的同时,去重准确率可以达到95%以上。
|
| 关 键 词: | 告警日志 重复告警 属性哈希 |
Method of Duplicate Removal on Alert Logs Based on Attributes Hashing |
| |
| HU Qian,LUO Jun-yong,YIN Mei-juan and QU Xiao-mei.Method of Duplicate Removal on Alert Logs Based on Attributes Hashing[J].Computer Science,2016,43(Z6):332-334, 360. |
| |
| Authors: | HU Qian LUO Jun-yong YIN Mei-juan and QU Xiao-mei |
| |
| Affiliation: | Network Security Space Academy,Information Engineering University,Zhengzhou 450002,China,Network Security Space Academy,Information Engineering University,Zhengzhou 450002,China,Network Security Space Academy,Information Engineering University,Zhengzhou 450002,China and Network Security Space Academy,Information Engineering University,Zhengzhou 450002,China |
| |
| Abstract: | Alarm logs generated by network security equipment have a large number of repeated alarms,which impact real-time network situational threat analysis.In order to solve real-time accurate de-duplication problem of alarm logs,we proposed a method of duplicate removal on alert logs based on attributes hash.The method uses attribute hash for duplicate alarms quick detection and uses the hash table to solve the storage problem of a large number of non-repeating alarm logs at the same time.Conducted experiments results in the alarm log based on Darpa data set show that the method ensures lower time complexity,while deduplication accuracy rate can reach 95%. |
| |
| Keywords: | Alert log Repeat alert Property hash |
|
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
|
