
The Research and Design of IDS Alerts Information Based on Correlation Analysis (Cited by: 1)
Abstract: Most alert events raised by an intrusion detection system are related to one another in some way. Correlating these alerts is of great significance for addressing problems in current intrusion detection systems such as false positives, false negatives, repeated alerts, and low-level alert information. Based on the causal correlation method, this paper builds a correlation analysis model for intrusion detection systems. The model's correlation process is divided into aggregation and correlation analysis, and it can correlate alerts produced by different intrusion detection systems.
Authors: 肖莽, 程从从
Source: 《电脑知识与技术》 (Computer Knowledge and Technology), 2009, issue 8X, pp. 6965-6968, 4 pages in total
Keywords: intrusion detection; alert aggregation; alert correlation; causality correlation; false negatives correlation
