Abstract
Building on Cuppens's CRIM model and related research at the IBM Zurich Research Laboratory, the paper proposes a rule-based data fusion model for intrusion detection system (IDS) alerts, in which expert rules are applied, and gives a definition of the merging rate to measure merging efficiency. The processing methods used in each part of the model are consistent with one another, and the model is therefore easy to implement. The model can be used to handle the problems of false negatives, false positives, and an excessive number of alerts (caused by overly fine alert granularity).
Source
《计算机工程》
EI
CAS
CSCD
Peking University Core Journals (北大核心)
2005, Issue 16, pp. 135-136 (2 pages)
Computer Engineering
Funding
Supported by the Advance Research Fund of the China Academy of Engineering Physics (2002-421050504-12-04)
Keywords
Intrusion detection
Data fusion
False positive
False negative
Merging rate