A novel real‐time aggregation method on network security events
Abstract
Purpose
The purpose of this paper is to show how to ensure real‐time, precise aggregation of network security events without parameters that are difficult to determine.
Design/methodology/approach
The aggregation method includes the choice of aggregation granularity, the consistency of the abstraction layer, the expression of all hyper security events (HSEs) of a node in cache, and an aggregation algorithm based on classification, among other elements.
Findings
The aggregation method can provide, in real time, good HSEs for the subsequent correlation processing, using weak parameters that are easy to determine.
Research limitations/implications
The space cost of the method is not discussed.
Practical implications
The aggregation method is suitable for real‐time management of the difficult issues that arise in resolving massive security events.
Originality/value
Many of the paper's ideas and concepts are proposed for the first time, such as the expression of all HSEs of a node in cache and the use of a weak queue length instead of the weak‐time window, among others.
Citation
Li, Z., Ma, Y., Wang, L., Lei, J. and Ma, J. (2011), "A novel real‐time aggregation method on network security events", Kybernetes, Vol. 40 No. 5/6, pp. 912-920. https://doi.org/10.1108/03684921111142467
Publisher
Emerald Group Publishing Limited
Copyright © 2011, Emerald Group Publishing Limited