Journal article

Design and Implementation of Alert Verification Module in Intrusion Detection System (cited by 5)
Abstract: Traditional intrusion detection systems detect attack attempts by signature matching, but they cannot tell whether an attempt actually succeeded; the alerts they generate are both huge in number and high in false positives. This paper presents a method that verifies IDS alerts with the help of a vulnerability-scanning tool: whether an attack can succeed is judged by whether the attacked host has the vulnerability the attack depends on, and alerts whose target host lacks the corresponding vulnerability are lowered in priority, raising the quality of the remaining alerts. The design and implementation of each component of the alert verification model are described. Results from the running system (a distributed IDS) show that the method compresses the alert volume, including duplicated alerts, and reduces the false-positive rate, helping administrators pick out, from a large amount of data, the real alerts that most deserve attention.
Source: Computer Engineering (计算机工程), CAS / CSCD / Peking University core journal, 2008, No. 2, pp. 267-269 and 272 (4 pages)
Funding: National "973" Program project (2003CB314805)
Keywords: alert verification; Intrusion Detection System (IDS); network security
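The verification step the abstract describes, written out as an added example. This is not code from the paper; the hosts, rule ids, CVE ids, priority numbers and scan inventory below are all constructed. It goes slightly beyond the abstract by also handling the cases a deployment meets in practice: a target host the scanner never saw, a scan older than the alert can trust, and a signature (such as a port scan) that references no vulnerability at all.

```python
"""Alert verification against a vulnerability-scan inventory.

Added example, not code from the paper. Each IDS alert is keyed by a rule id;
a rule-reference table (constructed) maps a rule id to the CVE the exploit
needs and the TCP port of the service it targets; a scanner inventory
(constructed) records what each host runs and which CVEs it has. An alert
whose target host provably lacks the required vulnerability is downgraded,
never dropped; hosts that were not scanned, or whose scan is stale, keep
the IDS priority because absence of evidence is not evidence of absence.
"""
from collections import Counter
from datetime import datetime, timedelta

# Rule id -> (CVE the exploit requires, TCP port of the targeted service).
# Rule 1000003 stands for a reconnaissance signature with nothing to verify.
RULE_REFS = {
    1000001: ("CVE-2000-0001", 80),
    1000002: ("CVE-2000-0002", 445),
    1000003: (None, None),
}

# Scanner inventory (constructed): host -> last scan time, open TCP ports, CVEs found.
SCAN = {
    "10.0.0.5": {"scanned": datetime(2024, 1, 10), "ports": {22, 80}, "cves": {"CVE-2000-0001"}},
    "10.0.0.6": {"scanned": datetime(2024, 1, 10), "ports": {22}, "cves": set()},
    "10.0.0.7": {"scanned": datetime(2023, 1, 10), "ports": {445}, "cves": set()},  # stale
    "10.0.0.8": {"scanned": datetime(2024, 1, 10), "ports": {22, 80}, "cves": set()},
}
MAX_SCAN_AGE = timedelta(days=30)

# Raw alerts (constructed): (timestamp, source, destination, rule id, IDS priority; 1 = highest).
ALERTS = [
    ("2024-01-11 10:00:00", "192.0.2.1", "10.0.0.5", 1000001, 1),
    ("2024-01-11 10:00:01", "192.0.2.1", "10.0.0.5", 1000001, 1),  # repeat of the above
    ("2024-01-11 10:00:02", "192.0.2.1", "10.0.0.6", 1000001, 1),  # port 80 closed
    ("2024-01-11 10:00:03", "192.0.2.1", "10.0.0.7", 1000002, 1),  # scan too old
    ("2024-01-11 10:00:04", "192.0.2.1", "10.0.0.8", 1000001, 1),  # web server, no CVE
    ("2024-01-11 10:00:05", "192.0.2.1", "10.0.0.9", 1000002, 1),  # host never scanned
    ("2024-01-11 10:00:06", "192.0.2.1", "10.0.0.6", 1000003, 3),  # no CVE to check
]


def verify(dst, rule_id, alert_time):
    """Return (verdict, priority_delta); the delta is added to the IDS priority,
    so a positive delta lowers the alert's urgency."""
    cve, port = RULE_REFS.get(rule_id, (None, None))
    if cve is None:
        return "unverifiable", 0
    host = SCAN.get(dst)
    if host is None:
        return "unknown_host", 0
    if alert_time - host["scanned"] > MAX_SCAN_AGE:
        return "stale_scan", 0
    if cve in host["cves"]:
        return "verified", 0
    if port not in host["ports"]:
        return "port_closed", 3      # service not even listening: strongest downgrade
    return "not_vulnerable", 2       # service present but the CVE is absent


def process(alerts):
    """Collapse repeated (src, dst, rule) alerts into one record, verify each
    record against the inventory, and return them most urgent first."""
    counts = Counter()
    first_seen = {}
    for ts, src, dst, rule_id, prio in alerts:
        key = (src, dst, rule_id)
        counts[key] += 1
        first_seen.setdefault(key, (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), prio))
    records = []
    for (src, dst, rule_id), n in counts.items():
        t, prio = first_seen[(src, dst, rule_id)]
        verdict, delta = verify(dst, rule_id, t)
        records.append({"src": src, "dst": dst, "rule": rule_id, "count": n,
                        "verdict": verdict, "priority": prio + delta})
    records.sort(key=lambda r: (r["priority"], r["dst"], r["rule"]))
    return records


if __name__ == "__main__":
    for r in process(ALERTS):
        print(f"prio {r['priority']}  {r['dst']:<9} rule {r['rule']}  x{r['count']}  {r['verdict']}")
```

Two design choices matter here. Verification only ever lowers priority and never deletes an alert, so a wrong or incomplete inventory costs attention rather than visibility. And the inventory is treated as evidence with an age: the scanner's view of a host is only as good as its last run, so an alert against an unscanned or stale host is left at the priority the IDS assigned instead of being silently downgraded.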

References (7)

1. Ptacek T H, Newsham T N. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection[Z]. Secure Networks Inc., 1998.
2. Kruegel C, Robertson W. Alert Verification: Determining the Success of Intrusion Attempts[C]//Proceedings of the 1st Workshop on Detection of Intrusions and Malware & Vulnerability Assessment. Germany: [s. n.], 2004-07.
3. Ning Peng, Cui Yun. An Intrusion Alert Correlator Based on Prerequisites of Intrusions[R]. Department of Computer Science, North Carolina State University, Technical Report TR-2002-01, 2002-01.
4. Porras P A, Fong M W, Valdes A. A Mission Impact Based Approach to INFOSEC Alarm Correlation[C]//Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection. Zurich: [s. n.], 2002-10.
5. Real-time Network Awareness[DB/OL]. [2006-12-21]. http://www.sourcefire.com/technology/whitepapers.html.
6. Ramesh S, Elango K. Reducing False Positives Using Vulnerability Assessment[DB/OL]. [2006-12-21]. http://www.securitydocs.com/library/2563/library/2563.
7. Duan Haixin, Yu Xueli, Wang Lanjia. A distributed IDS alert correlation algorithm based on address correlation graphs[J]. Journal of Dalian University of Technology, 2005, 45(z1): 126-131. (cited by 4)
