Abstract
To address the shortcomings of traditional intrusion detection systems, namely a high false-alert rate, alert floods, and isolated alerts, this paper introduces data fusion and proposes a data fusion model for distributed intrusion detection. The model classifies alerts, uses Dempster-Shafer (D-S) theory to fuse the alerts of multiple IDSs, correlates alerts with a prerequisite-and-consequence method, and finally quantifies the degree of threat to the system, providing a framework and method for solving the problems above.
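The fusion step the abstract describes, worked through as an added example that is not code from the paper: two IDS sensors each assign a basic probability assignment (mass) over the frame {attack, benign}, with mass left on the whole frame to express ignorance; alerts are first grouped by an assumed classification key (source, destination, category), and the masses within each group are combined with Dempster's rule. The resulting belief and plausibility of "attack" serve as the quantified threat level. The sensor names, IP addresses, categories and mass values are constructed, and the grouping key is an assumption about how the paper's alert classification feeds fusion. The example also handles the failure mode of total conflict, where Dempster's rule is undefined.

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import product

# Frame of discernment: hypotheses are subsets of {attack, benign}.
ATTACK = frozenset({"attack"})
BENIGN = frozenset({"benign"})
THETA = frozenset({"attack", "benign"})  # whole frame: "don't know"


@dataclass
class Alert:
    sensor: str
    src: str
    dst: str
    category: str  # assumed classification label attached to the alert
    mass: dict     # basic probability assignment over ATTACK / BENIGN / THETA


def combine(m1, m2):
    """Dempster's rule of combination.

    m(A) = sum over B ∩ C = A of m1(B) * m2(C), divided by (1 - K),
    where K is the total mass assigned to disjoint pairs (the conflict).
    Returns (fused mass, K). Raises if the sources totally conflict (K = 1).
    """
    combined = defaultdict(float)
    conflict = 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        inter = b & c
        if inter:
            combined[inter] += mb * mc
        else:
            conflict += mb * mc
    if conflict > 1.0 - 1e-12:
        raise ValueError("total conflict between sources; Dempster's rule is undefined")
    return {h: v / (1.0 - conflict) for h, v in combined.items()}, conflict


def belief(m, hyp):
    """Bel(hyp): mass committed to hyp or any of its subsets."""
    return sum(v for h, v in m.items() if h <= hyp)


def plausibility(m, hyp):
    """Pl(hyp): mass that does not contradict hyp (intersects it)."""
    return sum(v for h, v in m.items() if h & hyp)


def fuse_alerts(alerts):
    """Group alerts by (src, dst, category) and fuse each group's masses.

    Returns {group key: {"sensors": [...], "bel_attack": x, "pl_attack": y, "conflict": k}}.
    """
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.src, a.dst, a.category)].append(a)
    results = {}
    for key, group in groups.items():
        fused = dict(group[0].mass)
        conflict = 0.0
        for a in group[1:]:
            fused, k = combine(fused, a.mass)
            conflict = max(conflict, k)  # record the worst pairwise conflict seen
        results[key] = {
            "sensors": sorted(a.sensor for a in group),
            "bel_attack": belief(fused, ATTACK),
            "pl_attack": plausibility(fused, ATTACK),
            "conflict": conflict,
        }
    return results


# Constructed sample input: two sensors report on the same flow, a third on another.
SAMPLE_ALERTS = [
    Alert("ids-signature", "10.0.0.5", "10.0.0.20", "scan",
          {ATTACK: 0.7, BENIGN: 0.1, THETA: 0.2}),
    Alert("ids-anomaly", "10.0.0.5", "10.0.0.20", "scan",
          {ATTACK: 0.5, BENIGN: 0.2, THETA: 0.3}),
    Alert("ids-anomaly", "10.0.0.9", "10.0.0.20", "bruteforce",
          {ATTACK: 0.4, BENIGN: 0.3, THETA: 0.3}),
]

if __name__ == "__main__":
    for key, r in fuse_alerts(SAMPLE_ALERTS).items():
        print(key, r)
```

For the two-sensor "scan" group the conflict mass is 0.19, so Bel(attack) rises to 0.66/0.81 ≈ 0.815 and Pl(attack) to 0.72/0.81 ≈ 0.889, higher than either sensor alone: agreement between independent sensors reinforces the alert, while the single-sensor "bruteforce" group keeps its original masses. Leaving mass on THETA rather than forcing each sensor to commit to attack or benign is what keeps the rule from over-weighting a single noisy sensor and is also what makes the conflict term a useful signal in itself (a high K between two sensors is worth investigating before trusting the fused value).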
Source
Computer & Digital Engineering (《计算机与数字工程》), 2007, No. 4, pp. 97-99 (3 pages)
Keywords
intrusion detection, data fusion, alert classification, D-S theory, correlation