Abstract
Existing alert correlation methods carry a high processing overhead and may fail to keep up during an alert storm (alert flooding). To address this, the paper proposes an improved alert correlation method suited to distributed intrusion detection systems, presents an implementation framework that uses the method, and reports experimental results. The results show that the improved method reduces the alert correlation data processing ratio by more than 40% while keeping the alert correlation recognition ratio and accuracy ratio essentially unchanged, so the alert correlation components can continue to work effectively under alert flooding.
Source
Computer Engineering & Science (《计算机工程与科学》)
CSCD
2005, No. 4, pp. 63-65 (3 pages)
Funding
National 863 Program project (2003AA118201)
National Natural Science Foundation of China project (60273070)
Hunan Province 2004 Key Science and Technology Research project (04gk3022)