摘要
随着网络攻击以及网络流量的飞速增长,分析入侵检测系统产生的海量报警信息越来越困难。MapReduce是由Google提出的一个软件架构,用于大规模数据集(大于1TB)的并行运算,提出了一种基于MapReduce并行计算模型的报警聚合算法,用于执行高效的报警归并。最后使用DARPA 2000数据集,验证了本算法可以高效地聚合报警信息,大量减少冗余报警数量。
With the rapid growth of viruses,network attacks and the network traffic,analyzing the huge log and alert information generated by intrusion detection system would face the increasing challenges.The MapReduce programming model is inspired by Google and targets data-intensive parallel computations.The paper presents and implements a high-performance alert aggregation algorithm based on MapReduce parallel computing model.The experiment results on the DARPA 2000 dataset showed that this algorithm is effective and efficient.
出处
《信息技术》
2011年第4期85-88,92,共5页
Information Technology
