Design and Implementation of an Intrusion Detection Alert Aggregation and Correlation System (入侵检测报警聚合与关联系统设计与实现)

Cited by: 3
Abstract: Most of the alerts raised by an intrusion detection system are related to one another in some way. Aggregating and correlating these alerts can eliminate or reduce duplicate alerts, lower the false-positive rate, and reveal high-level multi-step attack strategies. This paper designs and implements an alert aggregation and correlation system whose main components are alert aggregation, alert verification, multi-step attack alert correlation, and report analysis with rule control. Experiments show that the system reduces the number of alerts and can identify attack intent, achieving the goal of early warning.
Source: Microcomputer Information (微计算机信息; English title: Control & Automation), Peking University core journal, 2007, No. 36, pp. 47-49 (3 pages).
Keywords: intrusion detection; alert aggregation; alert correlation; alert verification.
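The abstract names three processing stages: aggregation of near-duplicate alerts, verification of each alert against what is known about the target, and correlation of the survivors into multi-step attack chains by matching one alert's consequences to the next alert's prerequisites (the approach of the Ning and Cui correlator cited in the references). The following Python sketch is an added illustration of that pipeline and is not the paper's code; the raw alerts, signature names, rule table, asset inventory, time windows and the host/service names are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed raw alerts: (timestamp in seconds, signature, source IP, target IP).
ALERTS = [
    (100, "PORTSCAN", "10.0.0.5", "192.168.1.10"),
    (101, "PORTSCAN", "10.0.0.5", "192.168.1.10"),
    (103, "PORTSCAN", "10.0.0.5", "192.168.1.10"),
    (140, "FTP_GLOB_OVERFLOW", "10.0.0.5", "192.168.1.10"),
    (150, "ROOT_SHELL", "10.0.0.5", "192.168.1.10"),
    (155, "PORTSCAN", "10.0.0.9", "192.168.1.20"),
    (160, "FTP_GLOB_OVERFLOW", "10.0.0.9", "192.168.1.20"),  # target runs no FTP
    (900, "PORTSCAN", "10.0.0.5", "192.168.1.10"),           # outside the window
]

# Hypothetical knowledge base: signature -> (prerequisites, consequences).
RULES = {
    "PORTSCAN": (set(), {"scanned"}),
    "FTP_GLOB_OVERFLOW": ({"scanned"}, {"code_exec"}),
    "ROOT_SHELL": ({"code_exec"}, {"compromised"}),
}
# Hypothetical asset inventory (host -> services) and the service each exploit
# signature needs on its target; both are used only for alert verification.
INVENTORY = {"192.168.1.10": {"ftp", "ssh"}, "192.168.1.20": {"http"}}
REQUIRES = {"FTP_GLOB_OVERFLOW": "ftp"}


@dataclass
class HyperAlert:
    signature: str
    src: str
    dst: str
    first: int
    last: int
    count: int = 1


def aggregate(alerts, window=60):
    """Merge alerts sharing (signature, src, dst) into one hyper-alert while
    each new alert arrives within `window` seconds of the previous one."""
    hyper, open_groups = [], {}
    for ts, sig, src, dst in sorted(alerts):
        key = (sig, src, dst)
        ha = open_groups.get(key)
        if ha is not None and ts - ha.last <= window:
            ha.last, ha.count = ts, ha.count + 1
        else:
            ha = HyperAlert(sig, src, dst, ts, ts)
            hyper.append(ha)
            open_groups[key] = ha
    return hyper


def verify(hyper_alerts, inventory=INVENTORY, requires=REQUIRES):
    """Drop exploit alerts whose target does not run the service the exploit
    needs; this is the simplest form of alert verification."""
    return [h for h in hyper_alerts
            if requires.get(h.signature) is None
            or requires[h.signature] in inventory.get(h.dst, set())]


def correlate(hyper_alerts, rules=RULES, max_gap=600):
    """Link A -> B when A's consequences satisfy a prerequisite of B, both
    hit the same target, and B starts after A ends but within `max_gap`."""
    edges = []
    ordered = sorted(hyper_alerts, key=lambda h: h.first)
    for i, b in enumerate(ordered):
        prereq = rules.get(b.signature, (set(), set()))[0]
        for a in ordered[:i]:
            cons = rules.get(a.signature, (set(), set()))[1]
            if (a.dst == b.dst and a.last <= b.first <= a.last + max_gap
                    and prereq & cons):
                edges.append((a, b))
    return edges


def attack_chains(edges):
    """Walk correlation edges forward from hyper-alerts with no predecessor,
    returning each multi-step attack as a list of signatures."""
    succ, has_pred, nodes = defaultdict(list), set(), {}
    for a, b in edges:
        succ[id(a)].append(b)
        has_pred.add(id(b))
        nodes.setdefault(id(a), a)
        nodes.setdefault(id(b), b)
    chains = []

    def walk(node, path):
        if not succ[id(node)]:
            chains.append(path)
        for nxt in succ[id(node)]:
            walk(nxt, path + [nxt.signature])

    for nid, node in nodes.items():
        if nid not in has_pred:
            walk(node, [node.signature])
    return chains


def run(alerts=ALERTS):
    """Full pipeline: raw alerts -> verified hyper-alerts -> edges -> chains."""
    hyper = verify(aggregate(alerts))
    edges = correlate(hyper)
    return hyper, edges, attack_chains(edges)


if __name__ == "__main__":
    hyper, edges, chains = run()
    print(f"{len(ALERTS)} raw alerts -> {len(hyper)} verified hyper-alerts")
    print("attack chains:", [" -> ".join(c) for c in chains])
```

On the constructed input, eight raw alerts collapse to six hyper-alerts (three identical port scans become one with count 3, while the scan at t=900 falls outside the 60 s window and stays separate), verification discards the FTP exploit aimed at a host that runs no FTP service, and correlation links scan, overflow and root shell on 192.168.1.10 into a single three-step chain. The caveats a practitioner would add: the prerequisite/consequence table and the asset inventory are the weak points of such a system, since an incomplete table silently breaks chains and a stale inventory turns verification into a source of false negatives.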

References (2)

  • 1. Deng Qihao, Lü Xiaobin, Luo Junyong. Alert correlation based on intrusion behaviour patterns [J]. Microcomputer Information (微计算机信息), 2005, 21(10X): 8-10. (Cited by: 6)
  • 2. Peng Ning, Yun Cui. An Intrusion Alert Correlator Based on Prerequisites of Intrusions. Technical Report TR-2002-01, Department of Computer Science, North Carolina State University, 2002.

Second-level references (2), i.e. works cited by the references above

  • 1. A. Valdes, K. Skinner. Probabilistic Alert Correlation [C]. In: Fourth International Workshop on Recent Advances in Intrusion Detection (RAID 2001), Davis, USA, Oct 2001.
  • 2. P. Ning, D. Reeves, Yun Cui. Correlating Alerts Using Prerequisites of Intrusions. Technical Report TR-2001-13, Department of Computer Science, North Carolina State University, Dec 2001.
