Abstract
This paper proposes a framework for a distributed, multi-protocol enterprise security management center based on log mining, and describes its components and implementation. It also describes the process of producing detection models with data mining techniques. Log information from many sources is collected, normalized and aggregated into unified notification events; these events are analyzed against the detection models to discover potential threats and attacks in the system, and real-time response actions are taken.
The article presents the architecture of an enterprise security management center (ESMC) based on log mining that is distributed and supports multiple protocols. It collects, normalizes and aggregates massive and heterogeneous log information, generates consolidated notifications, analyzes those notifications with a checking model to find potential compromises and attacks in the system, and takes real-time response actions. Finally, the paper describes how the checking model is built by data mining.
Source
Computer Engineering (《计算机工程》)
Indexed in: CAS, CSCD, Peking University Core Journals (北大核心)
2003, No. 19, pp. 90-91, 111 (3 pages)
Funding
Supported by the National "973" Program (G1998030409)