
Multilevel Fusion Model of INFOSEC Alert
Abstract: Alert fusion is an effective method for reducing redundant alerts and recognizing complex attack scenarios. Most current alert fusion methods are limited to particular aspects of fusion. Through alert normalization, verification, aggregation and correlation, the multilevel fusion model reduces alerts layer by layer and abstracts high-level attack scenarios from low-level alerts. The experimental results show that the model is feasible and performs well.
Source: Computer Engineering and Applications (计算机工程与应用), CSCD, Peking University Core Journal, 2006, No. 29, pp. 154-156, 183 (4 pages)
Funding: Beijing Key Construction Project (No. 4010001202111); Beijing Outstanding Talent Training Special Fund (No. 20042D0501504)
Keywords: information security, alert fusion, attack scenario
