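Research on Alert Fusion and Correlation Analysis Techniques
Abstract
The various IDSs in a network generate large numbers of independent, raw alerts as they run. Besides their sheer volume, these alerts have fairly high false-positive and false-negative rates, which makes it hard for users to respond to attacks in time. Alert fusion and correlation analysis are the basic means of solving this problem. This paper introduces IDS alert fusion and correlation techniques and points out the problems that need further research.
Source
《科技资讯》
2007, No. 12, pp. 7-8 (2 pages)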
Science & Technology Information