Research of Security Event Correlation Based on Attribute Similarity
To address the large number of redundant security events in current network security systems, this paper proposes a security event correlation algorithm based on attribute similarity over mixed data types. For each event attribute, the algorithm defines a similarity measure function, gives the attribute similarities different weights, and sets different expected threshold values. The similarity between events depends on the attribute similarities, and the correlation result depends on whether the similarity between the security events is larger than the expected threshold value. Experiments show the algorithm can effectively reduce redundant security events.
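A sketch of the weighted attribute-similarity scheme the abstract describes, added here as an example and not taken from the paper. The similarity functions, weights, thresholds, field names and the reading of "different expected threshold values" as a per-attribute minimum plus an event-level threshold are all assumptions, and the alerts are constructed.

```python
import ipaddress

def sim_ip(a, b):  # IPv4 address: fraction of leading bits shared
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return (32 - diff.bit_length()) / 32
def sim_exact(a, b):  # categorical value (signature, port)
    return float(a == b)
def sim_time(a, b, window=60.0):  # seconds, linear decay over `window`
    return max(0.0, 1.0 - abs(a - b) / window)

# attribute -> (similarity fn, weight, minimum); every choice here is assumed
ATTRS = {
    "sig": (sim_exact, 0.35, 1.0),
    "src_ip": (sim_ip, 0.20, 0.75),
    "dst_ip": (sim_ip, 0.20, 0.75),
    "dst_port": (sim_exact, 0.10, 0.0),
    "ts": (sim_time, 0.15, 0.5),
}
EVENT_THRESHOLD = 0.85  # assumed threshold on the weighted sum

def event_similarity(e1, e2):
    """Weighted attribute similarity; 0.0 if any attribute is under its minimum."""
    total = 0.0
    for name, (fn, weight, minimum) in ATTRS.items():
        s = fn(e1[name], e2[name])
        if s < minimum:
            return 0.0
        total += weight * s
    return total

def correlate(events):  # each event joins the first cluster it matches
    clusters = []
    for ev in events:
        for cluster in clusters:
            if event_similarity(cluster[0], ev) > EVENT_THRESHOLD:
                cluster.append(ev)
                break
        else:
            clusters.append([ev])
    return clusters

# Constructed sample alerts (documentation address ranges, seconds).
SAMPLE = [dict(zip(ATTRS, row)) for row in [
    ("ssh-bruteforce", "203.0.113.10", "192.0.2.5", 22, 0.0),
    ("ssh-bruteforce", "203.0.113.10", "192.0.2.5", 22, 12.0),
    ("ssh-bruteforce", "203.0.113.77", "192.0.2.5", 22, 20.0),
    ("sql-injection", "198.51.100.4", "192.0.2.80", 80, 25.0),
    ("ssh-bruteforce", "203.0.113.10", "192.0.2.5", 22, 300.0),
]]
```

Calling `correlate(SAMPLE)` folds the five alerts into three clusters: the late repeat of the SSH alert stays separate because its timestamp similarity falls under the per-attribute minimum even though every other attribute matches.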