Abstract
Existing intrusion detection systems (IDS) generate an excessive volume of alerts with a high false alarm rate. To address this, the paper applies filtering and correlation analysis to post-process the raw alert stream. Experiments show that the model effectively reduces the number of alerts and lowers the false alarm rate. The system also classifies and tallies the resulting alerts by danger level and reports them to the user graphically, so that the output serves as an early warning.
Aiming to resolve the problem that current IDS produce overloaded alerts and a high false alert rate, this paper uses filter testing and correlation analysis to process the original alerts. Experiments show that the model is effective in reducing the number of alerts and the false alert rate. At the same time, the system can classify and sum up alerts according to danger level and show graphical reports to users, so as to achieve the purpose of early warning.
Source
Microelectronics & Computer (微电子学与计算机)
Indexed in: CSCD; Peking University Core Journal (北大核心)
2008, No. 12, pp. 122-124 (3 pages)
Funding
National Natural Science Foundation of China project (60773053)
Keywords
alert analysis; correlation; false alert; intrusion detection
(告警分析; 相关性; 误报警; 入侵检测)