Journal article

Application of anomaly detection in alert correlation analysis (cited by: 3)
Abstract (translated from the Chinese): To provide time control for alert correlation and thereby improve the soundness and efficiency of the correlation, the stream of false alerts is treated as background traffic and the true alerts as the anomaly within the overall alert stream. A classic statistical model, the mean and standard deviation model, is used to detect anomalies in alert-stream intensity; the abnormal time slices are then handed to alert correlation, and only alerts falling inside those slices are correlated. Experiments show that the detection model supplies time control for alert correlation analysis, so that the analysis yields more refined and meaningful results. Because analysis is concentrated on alerts within the abnormal time slices, the model can save network administrators significant time and effort.

Abstract (original English): A classic statistical model, namely the Mean and Standard Deviation Model (MSDM), was used to control time for alert correlation analysis in order to make the alert correlation more meaningful and efficient. Taking false alerts as the background flow and true alerts as the anomaly of the alert flow, MSDM detected the anomaly of the alert flow and offered the abnormal time slices to correlation analysis. The correlation process correlated only the alerts that fell within the abnormal time slices. Simulation results show that this new method can detect anomalous alert intensities and offer time control to obtain more meaningful correlated results. By focusing on the alerts in the anomalous time slices, this method can save network administrators much time and effort.
Source: Journal of PLA University of Science and Technology (Natural Science Edition), 2009, No. 3, pp. 278-280 (3 pages). Indexed in EI and the Peking University core journal list.
Funding: National 242 Security Program project (2006C27)
Keywords: alert analysis; anomaly detection; central limit theorem; confidence interval
