Journal article

Research on Intelligent Alert Correlation Analysis Hierarchy Model (基于层次的智能告警关联分析模型研究)
Cited by: 1
Abstract: The widespread deployment of intrusion detection systems produces large streams of alert information. These alert event streams are essentially based on the detection of low-level attack steps and carry a high false-alert rate, and the various distributed attacks further increase the complexity of the alert streams. This paper introduces the basic reasons for correlation analysis and its basic concepts, and then proposes an intelligent intrusion detection correlation analysis hierarchy model. The model forms a hierarchy that runs from false-alert verification and suppression, to correlating the alerts of one attack into a single alert, to describing one attack process as a single attack scenario. At each successive level the defender's view of the attack becomes clearer, which gives response measures a precise basis for decisions and further improves the intelligence and usability of the whole intrusion detection system.
Author: 张连华
Source: Microcomputer Applications (《微型电脑应用》), 2011, No. 8, pp. 36-38, 73 (4 pages)
Funding: Supported by the 2011 Shanghai Postdoctoral Scientific Research Funding Program key project (project no. 11R21421700)
Keywords: intrusion detection; alert correlation analysis; intelligent model; hierarchy model