Research on alarm analyzer of IPS based on Bayesian classification (cited by: 2)
Abstract: To decrease the number of alarm messages and the false positive rate of an intrusion protection system, a new Bayesian classification algorithm, named the weight polling Bayesian classification algorithm, is designed. The new algorithm is more accurate, classifies alarm information effectively, and reduces duplicate alarms remarkably. An alarm analyzer for the intrusion protection system is implemented by integrating a high-performance alarm correlation algorithm with the weight polling Bayesian classification algorithm. Comparison experiments between an intrusion protection system with the alarm analyzer and one without it show that the alarm analyzer remarkably decreases the number of duplicate alarms and the false positive rate.
Source: Computer Engineering and Design (《计算机工程与设计》), CSCD, Peking University Core Journal, 2008, No. 14, pp. 3620-3622 (3 pages)
Funding: Ministry of Education "Program for New Century Excellent Talents in University" (NCET-04-0843)
Keywords: intrusion protection system; correlation; Bayesian; weight; network security

