Jisuanji kexue (Feb 2023)
EHFM: An Efficient Hierarchical Filtering Method for Multi-source Network Malicious Alerts
Abstract
Security situation awareness technology based on the alarm data plays an essential role in system protection. In the complex network environment, situation awareness systems control and predict the network security in time by capturing multiple metrics representing system situations combined with alert data. However, network security detection or protection systems generate massive and diverse alarm logs daily. Such massive threat logs and event information lead to a sharp rise in complexity and even bring some misjudgment problems. Therefore, there is a need for methods that filter the massive warning alerts with fine granularity and high accuracy to provide the basis for building subsequent reliable situation awareness systems. This paper proposes an efficient hierarchical filtering method (EHFM) for multi-source alarm data. EHFM contains five layers of filters, and the proposed hierarchical filtering structure guarantees its scalability and flexibility. Firstly, EHFM designs a unified format for multi-source alarm data to provide unified and customizable filtering. Moreover, the concept of “difference in joint performance entropy” incorporated with the fuzzy analytic hierarchy algorithm is proposed, which guarantees its robustness. These methods improve filtering accuracy by solving the problem of misjudgment caused by excessive alarm scale and external environmental factors. Then, the threat degree of malicious events to the system is classified by considering both the frequency and the impact of alerts. Finally, the classified and filtered alerts are visualized to facilitate the subsequent processing by security managers or software. Based on the proposed EHFM, a security situation awareness system is developed to verify its efficiency. The results of comprehensive experiments demonstrate that the proposed scheme filters and classifies malicious events in fine granularity and hence improves the accuracy and effectiveness of security situation awareness technology in large-scale alarm scenarios.
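The abstract describes three of the building blocks in general terms: a unified format for alerts from different sources, layered filters that reduce alert volume, and a threat degree derived from both the frequency and the impact of alerts. The following is an added illustration of that pipeline shape in Python; it is not the paper's EHFM, does not implement the "difference in joint performance entropy" or the fuzzy analytic hierarchy step, and all of the sample alerts, the unified schema, the impact scale and the score thresholds are constructed assumptions.

```python
"""Illustrative multi-source alert normalisation, layered filtering and
frequency x impact ranking. Added example, not the paper's EHFM code.
The unified schema, sample alerts, impact scale and thresholds are all
constructed assumptions."""
from collections import Counter
from dataclasses import dataclass
import json

# Constructed sample: a hypothetical IDS emits dicts (severity 1 = most severe),
# a hypothetical WAF emits JSON lines with a textual level. Field names differ,
# which is exactly why a unified format is needed before filtering.
IDS_ALERTS = [
    {"src": "10.0.0.5", "dst": "10.0.0.20", "sig": "ET SCAN Nmap", "sev": 2},
    {"src": "10.0.0.5", "dst": "10.0.0.21", "sig": "ET SCAN Nmap", "sev": 2},
    {"src": "10.0.0.5", "dst": "10.0.0.22", "sig": "ET SCAN Nmap", "sev": 2},
    {"src": "10.0.0.9", "dst": "10.0.0.20", "sig": "ET EXPLOIT SQLi", "sev": 1},
    {"src": "10.0.0.30", "dst": "10.0.0.20", "sig": "ET INFO DNS Query", "sev": 4},
]
WAF_LOG_LINES = [
    '{"client":"10.0.0.9","server":"10.0.0.20","rule":"sqli-941","level":"critical"}',
    '{"client":"10.0.0.9","server":"10.0.0.20","rule":"sqli-941","level":"critical"}',
    '{"client":"10.0.0.7","server":"10.0.0.20","rule":"xss-900","level":"medium"}',
]


@dataclass(frozen=True)
class UnifiedAlert:
    """Constructed unified alert format shared by every source."""
    source: str
    src_ip: str
    dst_ip: str
    category: str
    impact: int  # constructed scale: 1 (low) .. 4 (critical)


def normalise_ids(alert):
    # IDS severity 1..4 (1 most severe) is inverted onto the impact scale 4..1.
    return UnifiedAlert("ids", alert["src"], alert["dst"], alert["sig"], 5 - alert["sev"])


WAF_LEVEL_TO_IMPACT = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def normalise_waf(line):
    rec = json.loads(line)
    return UnifiedAlert("waf", rec["client"], rec["server"], rec["rule"],
                        WAF_LEVEL_TO_IMPACT[rec["level"]])


def collect_unified(ids_alerts=IDS_ALERTS, waf_lines=WAF_LOG_LINES):
    """Layer 0: bring every source into the unified format."""
    return [normalise_ids(a) for a in ids_alerts] + [normalise_waf(l) for l in waf_lines]


def filter_noise(alerts, min_impact=2):
    """Layer 1: discard informational alerts below a minimum impact."""
    return [a for a in alerts if a.impact >= min_impact]


def dedupe(alerts):
    """Layer 2: collapse exact repeats but keep how often each was seen."""
    return Counter(alerts)


def threat_ranking(alerts):
    """Layer 3: score each (source IP, category) by frequency x impact, highest first."""
    scores = {}
    for alert, seen in dedupe(alerts).items():
        key = (alert.src_ip, alert.category)
        scores[key] = scores.get(key, 0) + seen * alert.impact
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def threat_level(score):
    """Constructed thresholds mapping a score to a coarse threat degree."""
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def run_pipeline():
    """Return [(src_ip, category, score, level), ...] for the embedded sample."""
    kept = filter_noise(collect_unified())
    return [(src, cat, score, threat_level(score))
            for (src, cat), score in threat_ranking(kept)]


if __name__ == "__main__":
    for row in run_pipeline():
        print(row)
```

Grouping by source IP and category is what turns three distinct scan alerts into one "high" entry while the single informational DNS alert never reaches the ranking; the same structure is where a real system would slot in additional filter layers or a richer weighting scheme.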
Keywords