Abstract
Most alert events raised by an intrusion detection system (IDS) are related to one another in some way. Correlating these alerts is of considerable value in addressing the problems of current IDSs: high false positive and false negative rates, repeated alerts, and alerts at too low a level of abstraction. Based on causal correlation, this paper builds an alert correlation model for intrusion detection systems. Its correlation process is divided into an aggregation stage and a correlation stage, and it can correlate alerts produced by multiple heterogeneous intrusion detection systems.
Source
《电脑知识与技术》 (Computer Knowledge and Technology), 2009, Issue 8X, pp. 6965-6968 (4 pages)
Keywords
intrusion detection; alert aggregation; alert correlation; causality correlation; false negative correlation