Off-line Analysis Research and Implementation Based on Drools
XIU Jie-lei, XU Nan-shan, WEI Sheng-jun (Department of Computer, School of Information Science, Beijing University of Chemical Technology, Beijing 100029, China; Laboratory of Computer Network Defense Technology, Beijing Institute of Technology, Beijing 100081, China)
A kind of offline analysis based on Drools was proposed as a complement to the real-time analysis of the host detection system. It not only compressed the large number of alerts generated by the monitoring system, but also correlated the security events across the whole operation procedure. First, a general model was constructed on the Drools principle. Second, the detailed design tactics and the realization of the key technologies were provided. Finally, offline simulation results using flash memory disk alerts showed that the alert compression rate was above 9.898% and that the attack (operation) procedure was successfully recovered.
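The two tasks the abstract names, alert compression and event correlation over a whole operation procedure, are illustrated below with an added example that is not the paper's code and does not use Drools itself: the rule logic is written as plain Python functions standing in for Drools rules. The alert stream (USB insert, file copy, USB remove events from a host monitor), the five-second merge window and the procedure pattern insert -> copy* -> remove are all constructed assumptions for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """One raw alert as a host monitor might emit it (constructed schema)."""
    ts: int       # seconds since monitoring start
    host: str
    user: str
    event: str    # usb_insert | file_copy | usb_remove
    detail: str


@dataclass
class MergedAlert:
    """A compressed alert: identical raw alerts within a window, with a count."""
    host: str
    user: str
    event: str
    detail: str
    first_ts: int
    last_ts: int
    count: int = 1


# Constructed sample alerts, including polling duplicates that inflate the stream.
RAW_ALERTS = [
    Alert(100, "h1", "alice", "usb_insert", "vid=1234"),
    Alert(101, "h1", "alice", "usb_insert", "vid=1234"),  # duplicate
    Alert(102, "h1", "alice", "usb_insert", "vid=1234"),  # duplicate
    Alert(130, "h1", "alice", "file_copy", "C:/secret/a.doc -> E:/a.doc"),
    Alert(131, "h1", "alice", "file_copy", "C:/secret/b.doc -> E:/b.doc"),
    Alert(131, "h1", "alice", "file_copy", "C:/secret/b.doc -> E:/b.doc"),  # duplicate
    Alert(200, "h1", "alice", "usb_remove", "vid=1234"),
    Alert(500, "h2", "bob", "usb_insert", "vid=9999"),
    Alert(900, "h2", "bob", "usb_remove", "vid=9999"),
]


def compress(alerts, window=5):
    """Rule 1 (compression): alerts with the same host/user/event/detail that
    arrive within `window` seconds of the previous one collapse into a single
    MergedAlert carrying a count. Output keeps first-seen order."""
    merged = []
    latest_by_key = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        key = (a.host, a.user, a.event, a.detail)
        m = latest_by_key.get(key)
        if m is not None and a.ts - m.last_ts <= window:
            m.count += 1
            m.last_ts = a.ts
        else:
            m = MergedAlert(a.host, a.user, a.event, a.detail, a.ts, a.ts)
            latest_by_key[key] = m
            merged.append(m)
    return merged


def correlate(merged):
    """Rule 2 (association): chain usb_insert -> file_copy* -> usb_remove for
    the same host and user into one operation procedure, so an analyst sees
    the whole removable-media session rather than isolated alerts."""
    procedures = []
    open_sessions = {}
    for m in merged:
        key = (m.host, m.user)
        if m.event == "usb_insert":
            open_sessions[key] = [m]
        elif key in open_sessions:
            open_sessions[key].append(m)
            if m.event == "usb_remove":
                chain = open_sessions.pop(key)
                procedures.append({
                    "host": m.host,
                    "user": m.user,
                    "steps": [x.event for x in chain],
                    "files_copied": sum(1 for x in chain if x.event == "file_copy"),
                    "start": chain[0].first_ts,
                    "end": m.last_ts,
                })
    return procedures


def analyse(alerts, window=5):
    """Offline pass: compress, then correlate; also report the compression ratio."""
    merged = compress(alerts, window)
    ratio = 1 - len(merged) / len(alerts) if alerts else 0.0
    return merged, correlate(merged), ratio


if __name__ == "__main__":
    merged, procedures, ratio = analyse(RAW_ALERTS)
    print(f"{len(RAW_ALERTS)} raw alerts -> {len(merged)} merged (compression {ratio:.1%})")
    for p in procedures:
        print(p)
```

A real Drools deployment would express the two rules declaratively over the working memory and let the engine fire them; the Python functions here keep the same separation between the compression rule and the association rule, which is what makes the second stage readable to an analyst.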