Alert Correlation Analysis Based on Sequential Patterns in Intrusion Detection (cited 3 times)

Analysis of Alert Correlation Based on Sequential Pattern in Intrusion Detection
Abstract (translated from the Chinese): An alert correlation analysis model based on sequential patterns is proposed for analysing attack alerts. The preprocessing stage filters and merges raw alerts using network topology information and an alert-attribute similarity membership function. Building on the WINEPI algorithm, and taking into account the growth of the alert database, an incremental sequential pattern mining algorithm for alerts is proposed for correlation rule discovery. The online correlation module matches the rule base to build attack scenario graphs and to predict unknown attack events. Tests on the 2000 DARPA intrusion detection datasets show that the model markedly improves the performance of the intrusion detection system, validating the effectiveness of the model and the algorithm.

Abstract (original English): An alert correlation model based on sequential patterns is presented for the analysis of attack alerts. Alerts are first filtered and merged by means of network information and a similarity membership function. In the alert correlation module, an incremental sequential algorithm based on WINEPI is employed to mine correlation rules as the rule database grows. The online correlation module matches rules and constructs attack scenarios. Experimental results with the 2000 Defense Advanced Research Projects Agency (DARPA) intrusion detection scenario-specific datasets indicate that the proposed alert correlation model can efficiently improve the performance of an intrusion detection system (IDS).
Source: Journal of University of Electronic Science and Technology of China (《电子科技大学学报》), indexed in EI, CAS, CSCD and the Peking University Core Journal list; 2009, No. 3, pp. 415-418 and 475 (5 pages).
Funding: National Basic Research Program of China (973 Program), grant 2007CB310704.
Keywords: alert correlation; data mining; incremental updating; intrusion detection; sequential pattern.