Abstract
To reduce the high false positive rate and irrelevant alert rate of intrusion detection systems, a multi-source alert verification technique based on intuitionistic fuzzy comprehensive evaluation is proposed. The technique introduces intuitionistic fuzzy comprehensive evaluation theory into alert verification. To address the weakness of traditional methods, which judge alerts poorly because they rely on a single source of information, multi-source and multi-level evaluation factor sets are established. The paper also gives a method for constructing the membership and non-membership degrees of each evaluation factor. Finally, the validity and superiority of the proposed technique are checked with a classical instance.
Source
Journal of Chinese Computer Systems (《小型微型计算机系统》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2011, No. 7, pp. 1344-1347 (4 pages)
Funding
Supported by the National Natural Science Foundation of China (60773209)
Keywords
intrusion detection
intuitionistic fuzzy comprehensive evaluation
alert verification
judgment array