Abstract
This article presents a general model and implementation of a Log Management Center (LMC). The LMC collects, normalizes and aggregates large volumes of heterogeneous log information, generates unified log events, and analyzes those events with an event correlation engine using correlation rules, so that potential compromises and attacks on the system can be discovered and real-time response actions taken. In particular, the article describes two data mining algorithms and shows how they can be used to identify actionable event patterns and automatically construct event correlation rules.
Source
Computer Engineering and Applications (《计算机工程与应用》), 2004, No. 15, pp. 178-181 (4 pages)
Indexed in: CSCD; Peking University Core Journals (北大核心)
Funding
Supported by the National 973 Basic Research Program of China (Grant No. G1998030409)