
A Dynamic Processing Algorithm for Variable Data in Intranet Security Monitoring

  • Conference paper
  • Artificial Intelligence and Security (ICAIS 2021)
  • Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12737)

Abstract

Corporate Intranet Security Monitoring today generally relies on SIEM products or SOC platforms. Their data comes from a large number of system logs, application running logs and business data generated by network devices, security protection devices, application systems and the like, and is finally stored as normalized data after word segmentation, field parsing and data type mapping. Intranet Security Monitoring is extremely sensitive to data quality because of its efficiency and accuracy requirements, but continuous business changes and system upgrades in the intranet environment make both the structure and the content of the data variable. Existing automated log parsing algorithms are mainly aimed at system logs with a fixed structure and cannot handle variable data with multiple types and structures; moreover, their parsing work only completes word segmentation and field parsing. For data type identification and mapping, several security experts must stand by to write static templates whenever the data changes. In response to these problems, an ontology model of data knowledge for Intranet Security Monitoring is constructed and, using the computing power of cloud computing, a dynamic processing algorithm for variable data (DPAVD) based on structural information entropy is proposed. It takes the correlation between data fields as its core factor, which reduces the interference caused by differences in character expression and meets the high-quality data requirements of Intranet Security Monitoring.



Acknowledgement

This work is supported by Defense Industrial Technology Development Program (JCKY2018603B006).

Funding

This work is supported by CAEP Foundation (PY2019132 C. R. Zhou, CX2019040 C. R. Zhang).


Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Zhou, C., Wu, G., Li, J., Zhang, C. (2021). A Dynamic Processing Algorithm for Variable Data in Intranet Security Monitoring. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2021. Lecture Notes in Computer Science(), vol 12737. Springer, Cham. https://doi.org/10.1007/978-3-030-78612-0_12

  • DOI: https://doi.org/10.1007/978-3-030-78612-0_12
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-78611-3
  • Online ISBN: 978-3-030-78612-0
  • eBook Packages: Computer Science (R0)