Journal of Nanjing University of Information Science and Technology, 2011, Vol. 3, Issue (4): 365-370, 6.
Research and practice on comprehensive analysis technology for multi-source heterogeneous log
Abstract
Multi-source heterogeneous log analysis has been one of the hottest topics in network security in recent years, attracting growing interest from researchers at home and abroad. Based on the characteristics of multi-source logs in network systems, this paper proposes a multi-source heterogeneous log analysis model composed of focused analysis, statistical analysis and causality correlation analysis. An importance evaluation method is introduced into the focused analysis of log information and illustrated with an example, and a causality correlation algorithm for multi-source logs is then discussed. Finally, an example using actual network data is given to validate the comprehensive analysis model and algorithm. The results show that the model and algorithm are feasible and effective.
Keywords
multi-source heterogeneous log / importance evaluation / causality correlation
Classification
Information technology and security science
Cite this article
Liu Bixiong (刘必雄). Research and practice on comprehensive analysis technology for multi-source heterogeneous log [J]. Journal of Nanjing University of Information Science and Technology, 2011, 3(4): 365-370, 6.
Funding
Science and Technology Project of the Fujian Provincial Department of Education (JB09299)