
A Method for Constructing a Knowledge Base of Causal Correlation Based on Data Mining (基于数据挖掘的因果关联知识库构建方法)

Cited by: 3
Abstract: Network alarm causal correlation technology helps network administrators construct attack scenarios and adjust defensive measures in time by unveiling the causal relationships among intrusion alarms. Existing causal correlation technologies mainly rely on correlation knowledge bases defined manually from expert experience, and so cannot adapt to the continual appearance of new attack types. This paper presents a data-mining-based method for constructing a causal correlation knowledge base. With this method, the knowledge base adjusts itself adaptively, and the missed-alarm rate of alarm correlation is reduced.
Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2009, No. 7, pp. 102-104 (3 pages).
Funding: National High Technology Research and Development Program of China, special fund project (Grant No. 2007AA01Z473).
Keywords: network security; alarm causal correlation; data mining; knowledge base

References (3)

  • 1. Ning P, Cui Y, Reeves D. Constructing attack scenarios through correlation of intrusion alerts[C]. In: Proc. of the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA, 2002: 245-254.
  • 2. Ning P, Cui Y, Reeves D, et al. Tools and techniques for analyzing intrusion alerts[J]. ACM Transactions on Information and System Security, 2004, 7(2): 273-318.
  • 3. Mannila H, Toivonen H, Verkamo A. Discovery of frequent episodes in event sequences[J]. Data Mining and Knowledge Discovery, 1997, 1(3): 259-289.

