Abstract
A single anti-virus tool cannot cope well with the wide variety of attacks, while running several network security products at the same time produces too many redundant alarm events for the same attack. By introducing a method for classifying alarm events and by adding attributes, this clustering and merging system can effectively merge and reduce duplicate alarm events within each class. It also greatly reduces the time spent on unnecessary work, greatly improves the system's real-time performance, and makes it easier for network administrators to gain a comprehensive grasp and understanding of the network.
Source
《网络安全技术与应用》
2010, Issue 5, pp. 76-78 (3 pages)
Network Security Technology & Application
Funding
Supported by the Yunnan Provincial Department of Science and Technology fund 2008CA004
Keywords
alarm information
clustering
consolidation
event classification
intrusion detection