Alarm data fusion method based on improved spectral clustering

A data fusion and spectral clustering technology, applied in the field of data processing, that addresses problems such as fusion methods paying no attention to alarm data, a high false alarm rate, and results that are unfavorable to alarm analysis.

Active Publication Date: 2021-09-21
GUILIN UNIV OF ELECTRONIC TECH

AI Technical Summary

Problems solved by technology

[0003] During alarm fusion, most methods pay no attention to the relationship between alarm data and alarm attributes and oversimplify the alarms, which loses key information and is not conducive to further analysis of the alarms. Existing fusion methods already achieve a certain alarm fusion rate, but the false alarm rate is still high.


Embodiment Construction

[0037] Embodiments of the present invention are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals designate the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary and are intended to explain the present invention and should not be construed as limiting the present invention.

[0038] Referring to Figures 1 to 4, the present invention provides an alarm data fusion method based on improved spectral clustering, comprising:

[0039] S101 preprocessing the alarm data;

[0040] The specific steps are:

[0041] S201 input raw data set;

[0042] The experiment uses, as the original data set, the honeypot data set together with alarm data that the laboratory collected by building a real intrusion detection environment.

[0043] S202 extracting key attributes of the alarm data from the original data set;

[0044] Th...


Abstract

The invention relates to the field of data processing, and discloses an alarm data fusion method based on improved spectral clustering. The method comprises the following steps: preprocessing alarm data; grouping the alarm data according to attack types; calculating the similarity between every two alarms for the alarm data in each group by using an attribute similarity measurement method, and constructing a similarity matrix; clustering the alarm data by using a spectral clustering algorithm based on the similarity matrix to form clusters; performing threshold judgment on the alarms in the same cluster: if the threshold is reached, fusing the alarm data in the same cluster, and then inputting the fused data into a fused data set; if the threshold value is not reached, directly inputting the data into a fusion data set; and combining the fusion data sets of all clusters into a simplified alarm data set and outputting the simplified alarm data set. According to the method, better clustering fusion can be realized under the condition that the relation between alarms is not damaged, the information loss is reduced, and the false alarm rate of the alarm data can be reduced while the fusion rate is improved.
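The pipeline in the abstract, as an added Python example (not the patent's code): group by attack type, build the similarity matrix, cluster spectrally, then fuse clusters that reach the threshold. The attribute similarity measure, the threshold (mean pairwise similarity) and the sample alarms are assumptions, and plain recursive spectral bipartitioning stands in for the improved algorithm, whose details are not on this page.

```python
import math

ALARMS = [  # constructed sample: (attack_type, src_ip, dst_ip, dst_port, unix_time)
    ("portscan", "10.0.0.5", "192.168.1.10", 22, 100),
    ("portscan", "10.0.0.5", "192.168.1.10", 22, 104),
    ("portscan", "10.0.0.5", "192.168.1.10", 22, 109),
    ("portscan", "172.16.9.9", "192.168.2.77", 445, 5000),
    ("portscan", "172.16.9.9", "192.168.2.77", 445, 5003),
    ("sqli", "10.0.0.8", "192.168.1.20", 80, 300),
]

def ip_sim(a, b):  # fraction of leading octets two IPv4 addresses share
    return next((i for i, (x, y) in enumerate(zip(a.split("."), b.split("."))) if x != y), 4) / 4
def similarity(a, b, window=60.0):  # assumed measure: mean of four attribute scores
    t = max(0.0, 1 - abs(a[4] - b[4]) / window)
    return (ip_sim(a[1], b[1]) + ip_sim(a[2], b[2]) + (a[3] == b[3]) + t) / 4
def cohesion(W, idx):  # mean pairwise similarity inside one cluster
    p = [W[i][j] for i in idx for j in idx if i < j]
    return sum(p) / len(p) if p else 1.0

def fiedler_split(W, idx, iters=300):  # sign split on 2nd eigenvector of M
    d = [math.sqrt(sum(W[i][j] for j in idx)) for i in idx]  # d is M's top eigenvector
    M = [[W[i][j] / (d[a] * d[b]) for b, j in enumerate(idx)] for a, i in enumerate(idx)]
    v = [math.sin(k + 1) for k in range(len(idx))]  # fixed, unstructured start vector
    for _ in range(iters):  # power iteration on (M + I)/2, with M = D^-1/2 W D^-1/2
        v = [(sum(m * x for m, x in zip(row, v)) + y) / 2 for row, y in zip(M, v)]
        dot = sum(x * y for x, y in zip(d, v)) / sum(x * x for x in d)
        v = [x - dot * y for x, y in zip(v, d)]  # deflate the trivial eigenvector
        n = math.hypot(*v) or 1.0
        v = [x / n for x in v]
    return [i for i, x in zip(idx, v) if x >= 0], [i for i, x in zip(idx, v) if x < 0]

def clusters(W, idx, thr):  # bipartition until each cluster is cohesive enough
    if len(idx) < 2 or cohesion(W, idx) >= thr:
        return [idx]
    a, b = fiedler_split(W, idx)
    return clusters(W, a, thr) + clusters(W, b, thr) if a and b else [idx]

def fuse_alarms(alarms, thr=0.8):
    groups, out = {}, []
    for a in alarms:
        groups.setdefault(a[0], []).append(a)  # group by attack type
    for kind, g in groups.items():
        W = [[similarity(a, b) for b in g] for a in g]  # similarity matrix
        for c in clusters(W, list(range(len(g))), thr):
            m = [g[i] for i in c]
            for u in ([m] if cohesion(W, c) >= thr else [[x] for x in m]):
                out.append({"type": kind, "count": len(u), "src": sorted({x[1] for x in u}),
                            "first": min(x[4] for x in u), "last": max(x[4] for x in u)})
    return out
```

Each fused record keeps the source set, the time span and the alarm count, so the relationship between the merged alarms is not discarded; raising `thr` trades fusion rate for stricter clusters.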

Description

Technical field

[0001] The invention relates to the field of data processing, in particular to an alarm data fusion method based on improved spectral clustering.

Background technique

[0002] Hackers and other malicious attackers invade networks by various methods, exposing the network environment to a large number of targeted, hidden and penetrating potential threats, so network security faces severe challenges. An Intrusion Detection System (IDS) serves as a security defense system that detects whether there are intrusions in the network environment and generates corresponding alarm data for the various intrusions, so that security managers can take corresponding defense measures. In application, a large number of redundant and erroneous alarms are generated, making it difficult for managers to find key alarm information and therefore to grasp the network security situation. Therefore, some researchers have proposed alarm data fusion...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, H04L29/06
CPC: H04L63/1441, H04L63/1491, G06F18/23213, G06F18/25, Y02D30/50
Inventor: 陶晓玲, 符廉铕, 赵峰, 欧阳逸夫, 顾涛, 贾飞
Owner: GUILIN UNIV OF ELECTRONIC TECH