Design and Implementation of an Intrusion Detection Alert Fusion System (journal article, cited 3 times)

Abstract: Addressing the false-positive and false-negative problems of current intrusion detection systems (IDS), this paper first analyzes the causes of false alarms, then designs and implements a model for an intrusion detection alert fusion system. The model proposes a similarity membership function to correlate alert events, and the system is validated experimentally. The results show that the system effectively reduces the number of alerts and lowers the false-positive and false-negative rates, thereby improving the usefulness of alerts. At the same time, event correlation reconstructs attack scenarios, which makes the attacker's intent easier to understand and achieves the goal of early warning; the system therefore has strong practical value.
Authors: 韩景灵, 孙敏
Source: 《计算机技术与发展》 (Computer Technology and Development), 2007, No. 6, pp. 159-162 (4 pages)
Funding: Shanxi Provincial University Science and Technology Development Project (20051202)
Keywords: intrusion detection; false positive rate; information fusion; alert correlation