摘要
入侵检测系统是现今网络信息安全研究的热点,普通的网络入侵检测系统有较高的误报率,为了减少误报率并提高检测效率,首先在入侵检测系统的分析引擎中采用将异常检测和误用检测结合起来降低入侵检测系统的误报率和漏报率,然后再通过漏洞扫描引擎过滤入侵检测系统中无效警报再次降低误报率,最后通过响应界面报警.
Nowadays intrusion detection system is a focus in research on network information security, but network intrusion detection system has a high false alarm rate. In order to reduce the false alarm rate of network intrusion detection system and improve detection efficiency, anomaly detection and misuse detection were first combined in analysis engine of intrusion detection system to reduce the false alarm rate and omission rate, then filtered invalid alerts through vulnerability scanner to reduce false alarm rate again, and finally gave a warning by the response interface.
出处
《南京信息工程大学学报(自然科学版)》
CAS
2010年第1期88-91,共4页
Journal of Nanjing University of Information Science & Technology(Natural Science Edition)
基金
福建省教育厅项目(JB06119)
福建农林大学青年基金(07B21)
关键词
入侵检测系统
误报率
漏洞扫描
协作
intrusion detection system
false alarm rate
vulnerability scanning
collaboration
