Rule-based Data Fusion Model of Intrusion Detection (Cited by: 2)
Abstract: Based on Cuppens's CRIM model and the research results of the IBM Zurich Research Laboratory, the paper proposes a rule-based data fusion model for intrusion detection system (IDS) alerts, in which expert rules are applied. A definition of merging rate is given to measure the merging efficiency. The algorithms in every part of the model are relatively similar, and therefore the system is easy to implement. The model can be used to handle the problems of false positives, false negatives and excessive numbers of alarms (caused by overly fine alert granularity).
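Source: Computer Engineering (《计算机工程》), indexed in EI, CAS, CSCD and the Peking University Core Journals list; 2005, Issue 16, pp. 135-136 (2 pages)
Funding: Supported by the Pre-research Fund of the China Academy of Engineering Physics (2002-421050504-12-04)
Keywords: Intrusion detection; Data fusion; False positive; False negative; Merging rate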

References (5)

  • 1. Bass T. Intrusion Detection Systems and Multisensor Data Fusion. Communications of the ACM, 2000, 43(4):99-105
  • 2. Hall D L, Llinas J. An Introduction to Multisensor Data Fusion. Proceedings of the IEEE, 1997, 85
  • 3. Cuppens F. Managing Alerts in a Multi-intrusion Detection Environment. In: 17th Annual Computer Security Applications Conference, New Orleans, USA, 2001-09
  • 4. Cuppens F, Miège A. Alert Correlation in a Cooperative Intrusion Detection Framework. In: IEEE Symposium on Security and Privacy, Oakland, USA, 2002
  • 5. Dacier M, Alessandri D, Marty R, et al. Design of an Intrusion-tolerant Intrusion Detection System. Research Report RZ 3413, IBM Research, Zurich Research Laboratory, 2002-08-09
