
Intrusion Detection Alert Correlation Based on Choquet Fuzzy Integral (cited by 5)
Abstract: This paper studies alert correlation methods and the basic theory of fuzzy integrals and fuzzy cognitive maps, proposes an intrusion detection alert correlation method based on the Choquet fuzzy integral, and designs and implements an alert correlation engine capable of identifying multi-step attacks. DRDOS and LLDOS experiments show that the engine can effectively detect large-scale distributed multi-step attacks present in the network. (English abstract as published:) Alert correlation, the Choquet fuzzy integral and fuzzy cognitive maps were analyzed, a correlation method for IDS alerts based on the Choquet fuzzy integral was proposed, and the correlation engine of an intrusion detection system was designed. Through experiments on the DRDOS attack and the LLDOS attack, it is proved that the alert correlation in the paper can correlate the alerts with high feasibility.
Source: Acta Electronica Sinica (电子学报; indexed in EI, CAS, CSCD and the Peking University core journal list), 2011, No. 12, pp. 2741-2747 (7 pages)
Funding: National Basic Research Program of China (973 Program) (No.2009CB320706); National Natural Science Foundation of China (No.61073009); Jilin Province Science and Technology Development Plan project (No.20090111); Changchun International Cooperation Project (No.11GH12)
Keywords: intrusion detection; fuzzy integral; fuzzy measure; alert correlation; alarm correlation