An Expert System Based on Network Security Event Correlation

2011 
This paper proposes an expert system based on network security event correlation to address the high false-alarm and missed-alarm rates of IDS. It presents abstraction modeling of the knowledge base to improve the performance of correlation analysis, and an asset-information and vulnerability-information analysis module to increase the attention given to important equipment, network areas and network security events. It also applies pruning to reduce redundancy. In addition, it introduces a time stream into the expert system to improve real-time behavior. The system has been applied in a real environment, and the experimental results show that it effectively improves the performance of correlation analysis and is easy to extend.