Abstract
Building on multi-sensor data fusion, this paper presents a new intrusion detection fusion model, IDSFP. The model correlates and aggregates the alerts raised by several intrusion detection systems (IDS) and derives from them measures of the network's security situation, which serve as evidence. IDSFP applies Dempster-Shafer (D-S) evidence theory to combine this evidence into an assessment of the current security situation, and feeds that assessment back to dynamically adjust each IDS in the network so that it concentrates on the data related to the suspected attack's intent. This raises the detection efficiency of the IDSs and lowers the system's false positive and false negative rates.
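The abstract names Dempster's rule of combination as the step that turns the alerts of several IDSs into one situation assessment. The following Python block is an added illustration, not code from the paper or from the IDSFP model: it implements the rule for a two-element frame (attack / normal), computes belief and plausibility for the attack hypothesis, and shows the feedback decision as a threshold on belief. The hypothesis names, the two sensors' mass values, the 0.7 escalation threshold and the conflict cut-off are all constructed assumptions for the example; the rule itself (sum of products over intersecting focal elements, normalised by 1 - K) is standard D-S theory.

```python
from itertools import product

# Frame of discernment for one correlated alert: the flow is either part of an
# attack or it is normal traffic. Hypothesis names are assumptions for the example.
ATTACK = "attack"
NORMAL = "normal"
THETA = frozenset({ATTACK, NORMAL})  # whole frame = total ignorance


def combine(m1, m2, max_conflict=0.95):
    """Dempster's rule of combination for two basic probability assignments.

    m1, m2: dict mapping frozenset (focal element) -> mass, each summing to 1.
    Returns the combined mass function. Raises ValueError when the conflict
    factor K is so high that dividing by 1 - K would only amplify noise; a
    fusion engine should surface that case instead of reporting a confident result.
    """
    combined = {}
    conflict = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + ma * mb
        else:
            conflict += ma * mb  # mass assigned to contradictory hypotheses
    if conflict >= max_conflict:
        raise ValueError(f"sensors conflict too strongly (K={conflict:.3f})")
    norm = 1.0 - conflict
    return {fe: mass / norm for fe, mass in combined.items()}


def belief(m, hypothesis):
    """Bel(A): total mass committed to A or its subsets."""
    a = frozenset({hypothesis})
    return sum(mass for fe, mass in m.items() if fe <= a)


def plausibility(m, hypothesis):
    """Pl(A): total mass that does not contradict A (includes ignorance)."""
    a = frozenset({hypothesis})
    return sum(mass for fe, mass in m.items() if fe & a)


def fuse_sensors(masses):
    """Fold Dempster's rule over any number of sensor mass functions."""
    fused = masses[0]
    for m in masses[1:]:
        fused = combine(fused, m)
    return fused


# Constructed sample evidence (not measurements from the paper): a signature IDS
# and an anomaly IDS both alert on the same flow, with different confidence and
# different amounts of mass left on the whole frame (their own uncertainty).
SIGNATURE_IDS = {frozenset({ATTACK}): 0.6, frozenset({NORMAL}): 0.1, THETA: 0.3}
ANOMALY_IDS = {frozenset({ATTACK}): 0.5, frozenset({NORMAL}): 0.2, THETA: 0.3}


def assess(masses, alert_threshold=0.7):
    """Return (Bel, Pl, decision) for the attack hypothesis after fusion.

    The threshold and the three-way decision are assumptions standing in for the
    feedback step: 'escalate' would tighten detection on the suspected flow,
    'monitor' keeps it under observation, 'discard' drops the alert.
    """
    fused = fuse_sensors(masses)
    bel = belief(fused, ATTACK)
    pl = plausibility(fused, ATTACK)
    if bel >= alert_threshold:
        decision = "escalate"
    elif pl < alert_threshold:
        decision = "discard"
    else:
        decision = "monitor"
    return bel, pl, decision


if __name__ == "__main__":
    bel, pl, decision = assess([SIGNATURE_IDS, ANOMALY_IDS])
    print(f"Bel(attack)={bel:.3f}  Pl(attack)={pl:.3f}  -> {decision}")
```

With the constructed masses the conflict factor is K = 0.6*0.2 + 0.1*0.5 = 0.17, so the fused mass on {attack} is (0.30 + 0.18 + 0.15) / 0.83 ≈ 0.759, higher than either sensor alone committed; the 0.3 each sensor left on the whole frame is what lets agreement reinforce rather than merely average. Two sensors that fully contradict each other (K = 1) are rejected rather than normalised, which is the classic failure mode of the rule.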
Source
Journal on Communications (《通信学报》), 2006, No. 6, pp. 115-120 (6 pages). Indexed in EI, CSCD and the Peking University Core Journals list (北大核心).
Funding
Natural Science Foundation of Hebei Province, project F2004000133
Keywords
network security
intrusion detection
alert correlation
data fusion
D-S evidence theory
situation analysis