Abstract
This paper studies alert correlation methods and the basic theory of fuzzy integrals and fuzzy cognitive maps, proposes an intrusion detection alert correlation method based on the Choquet fuzzy integral, and designs and implements an alert correlation engine capable of identifying multi-step attacks. DRDOS and LLDOS experiments show that the engine can effectively detect large-scale distributed multi-step attacks present in the network.
Alert correlation, the Choquet fuzzy integral and fuzzy cognitive maps were analyzed; a correlation method for IDS alerts based on the Choquet fuzzy integral was proposed, and a correlation engine for an intrusion detection system was designed. Through experiments with the DRDOS attack and the LLDOS attack, it is shown that the alert correlation method in this paper can correlate the alerts with high feasibility.
Source
《电子学报》
EI
CAS
CSCD
Peking University Core Journals
2011, No. 12, pp. 2741-2747 (7 pages)
Acta Electronica Sinica
Funding
National Basic Research Program of China (973 Program) (No.2009CB320706)
National Natural Science Foundation of China (No.61073009)
Jilin Province Science and Technology Development Program (No.20090111)
Changchun International Cooperation Project (No.11GH12)
Keywords
intrusion detection
fuzzy integral
fuzzy measure
alert correlation
alarm correlation