
Using relevance of intrusions to reduce false positives in anomaly detection
(Original Chinese title: 利用入侵行为关联性降低异常检测的误报)
Abstract: To address the high false-positive rate of anomaly detection, an algorithm for reducing false positives is proposed. The algorithm builds on the observation that an intrusion must be carried out through several mutually cooperating actions. For a user who exhibits anomalous behavior that is not yet sufficient to be classified as an intrusion, the algorithm does not raise an alert immediately; instead, it analyzes whether the user's subsequent behavior over a period of time could be part of a coordinated intrusion, and infers from this combined evidence whether the user is an intruder, thereby reducing false positives.
Authors: 张宇鹏 (Zhang Yupeng), 郝林 (Hao Lin)
Source: Computer Engineering and Design (《计算机工程与设计》), indexed in CSCD and the Peking University core journal list, 2010, No. 11, pp. 2427-2429 and 2535 (4 pages)
Funding: National Natural Science Foundation of China project (60573104)
Keywords: anomaly detection; false positives; alert correlation; relevance of intrusions; simulated annealing algorithm
