| dc.description.abstract | Companies and Organizations usually structure the large-scale joint defense network by information security devices. Through joint regional defense, the network can provide members sufficient threat warning information. In companies, the information security alerts are sent to Security Operation Center (SOC), but there are some internal network information and sensitive privacy content in the alerts. Taking the alerts into consideration, companies and Organizations would not prefer to share the warning of internal information security. Therefore, they can avoid malicious person to obtain confidential information of organization or result in damage to goodwill or assets.
However, not only information security policy but also requested level of privacy protection is different from each company. In addition to protect the information privacy, we also want to provide companies a sharing mechanism which is changeable to information security policy. A balance in the trade between privacy protection and warning association analysis becomes a significant issue people concern.
For this issue, this thesis discusses processing of fuzzy information privacy protection on the packet header and the factors of assessing the alert packets. The factors include the fuzzy conversion region of IP address, warning Relevance, information content changes between privacy protection of warning packet and original warning packet information (entropy), and the capability of warning packet after fuzzy.
In this thesis, there are two steps in the purposed method. First, calculate the information of warning packet. Use IP address of the original warning packet and get the information after fuzzy to calculate. Second, analyze correlation of SOC. Also, we provide the quantitative standard for companies to change the level of privacy protection. Finally, it will achieve optimal condition between privacy protection and accuracy of warning relevance.
| en_US |