
Intrusion alert correlation model based on data mining and ontology
(original Chinese title: 基于数据挖掘和本体的入侵警报关联模型)
Cited by: 5
Abstract (translated from the Chinese): To overcome the existing bottleneck in intrusion detection, a new intrusion alert correlation model based on data mining and ontology is proposed. The model clusters and classifies low-level alerts to discover and filter attacks, then correlates these attacks against a pre-built ontology-based attack knowledge model in order to identify, track and predict multi-step attacks. Simulation experiments on the KDD Cup 1999 and DARPA 2000 datasets verify the effectiveness of the model.

Abstract (English, as published, lightly corrected): With the gradual development of network applications, attack patterns have evolved from the coarse and simplistic patterns of their early days into delicate, multi-step ones. To remedy the flaws of intrusion detection technology, an intrusion alert correlation model based on data mining and ontology (IACMDO) is proposed. IACMDO processes low-level alerts through clustering and classification and builds an attack knowledge model with an ontology, realizing the detection, tracing and prediction of multi-step attacks. Simulations on the KDD Cup 1999 and DARPA 2000 datasets show improved performance over a traditional IDS, which verifies the effectiveness of the proposed alert correlation model.
Source: Journal of Jilin University (Engineering and Technology Edition) (吉林大学学报(工学版)), indexed in EI, CAS, CSCD and the PKU core list, 2015, No. 3, pp. 899-906 (8 pages).
Funding: National Natural Science Foundation of China (60873235); New Century Excellent Talents programme (NCET-06-0300); Jilin Province Science and Technology Development Plan (20080318).
Keywords: computer engineering; intrusion detection; intrusion alert correlation; data mining; ontology
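The pipeline the abstract describes (cluster low-level alerts, classify them into attack classes, correlate the classes against an attack knowledge model, then predict the attacker's next step) can be sketched in a few dozen lines. The following is an added example written for this page, not code from the paper: the attack-knowledge table, the signature-to-class mapping, the alert stream and the choice to represent the ontology as prerequisite/consequence fact sets are all constructed assumptions, and the paper's actual clustering, classification and ontology design is not reproduced here.

```python
"""Toy multi-step alert correlation: cluster -> classify -> correlate -> predict.

The knowledge table, signature map and alert stream below are constructed for
this example and are not taken from the paper or from any real IDS.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed attack knowledge model (assumption: a minimal stand-in for an
# ontology). Each attack class lists the facts it needs (prereq) and the
# facts it establishes (conseq); a later step is explained by earlier ones
# when its prerequisites are covered by their accumulated consequences.
KNOWLEDGE = {
    "Scan":    {"prereq": set(),             "conseq": {"host_known", "service_known"}},
    "Exploit": {"prereq": {"service_known"}, "conseq": {"shell_access"}},
    "Privesc": {"prereq": {"shell_access"},  "conseq": {"root_access"}},
    "Exfil":   {"prereq": {"root_access"},   "conseq": {"data_stolen"}},
}

# Constructed mapping from low-level IDS signature names to attack classes
# (the "classification" stage of the pipeline).
SIG_TO_CLASS = {
    "ICMP PING NMAP": "Scan",
    "SCAN nmap TCP": "Scan",
    "EXPLOIT ssh CRC32 overflow": "Exploit",
    "SHELLCODE x86 setuid 0": "Privesc",
    "POLICY FTP outbound large transfer": "Exfil",
}

@dataclass
class Alert:
    ts: int      # seconds
    sig: str     # raw IDS signature name
    src: str
    dst: str

@dataclass
class Step:
    cls: str
    first_ts: int
    count: int = 1   # how many raw alerts were collapsed into this step

def cluster(alerts, window=60):
    """Group alerts by (src, dst), classify each, and collapse repeats of the
    same class within `window` seconds into one step (the clustering stage)."""
    groups = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        cls = SIG_TO_CLASS.get(a.sig)
        if cls is None:            # unclassifiable signature: discard
            continue
        steps = groups[(a.src, a.dst)]
        if steps and steps[-1].cls == cls and a.ts - steps[-1].first_ts <= window:
            steps[-1].count += 1   # duplicate of the previous step
        else:
            steps.append(Step(cls, a.ts))
    return groups

def correlate(steps):
    """Keep only steps whose prerequisites are met by the consequences of
    earlier kept steps; unexplained steps are dropped as isolated alerts."""
    facts, scenario = set(), []
    for s in steps:
        k = KNOWLEDGE[s.cls]
        if k["prereq"] <= facts:
            scenario.append(s.cls)
            facts |= k["conseq"]
    return scenario, facts

def predict(facts, scenario):
    """Attack classes whose prerequisites are now satisfied but which have not
    been observed yet: the likely next step(s) of the scenario."""
    return sorted(c for c, k in KNOWLEDGE.items()
                  if c not in scenario and k["prereq"] and k["prereq"] <= facts)

def analyse(alerts):
    """Run the whole pipeline; returns {(src, dst): {"scenario": [...], "next": [...]}}."""
    out = {}
    for pair, steps in cluster(alerts).items():
        scenario, facts = correlate(steps)
        out[pair] = {"scenario": scenario, "next": predict(facts, scenario)}
    return out

# Constructed sample alert stream (not real IDS output).
SAMPLE = [
    Alert(100, "ICMP PING NMAP",              "10.0.0.5", "10.0.1.20"),
    Alert(110, "SCAN nmap TCP",               "10.0.0.5", "10.0.1.20"),
    Alert(115, "SCAN nmap TCP",               "10.0.0.5", "10.0.1.20"),
    Alert(400, "EXPLOIT ssh CRC32 overflow",  "10.0.0.5", "10.0.1.20"),
    Alert(450, "SHELLCODE x86 setuid 0",      "10.0.0.5", "10.0.1.20"),
    Alert(200, "SHELLCODE x86 setuid 0",      "10.0.0.9", "10.0.1.30"),  # no prior steps
    Alert(300, "EXPLOIT ssh CRC32 overflow",  "10.0.0.9", "10.0.1.30"),  # no prior scan
]

if __name__ == "__main__":
    for pair, result in analyse(SAMPLE).items():
        print(pair, "scenario:", result["scenario"], "next:", result["next"])
```

For the first source/destination pair the three scan alerts collapse into one Scan step, the Exploit and Privesc steps are each explained by what precedes them, and Exfil is reported as the predicted next step because its prerequisite (root access) is now established. For the second pair neither alert has its prerequisites met, so both are dropped as isolated alerts rather than being promoted into a scenario; that filtering of unexplained alerts is what the abstract means by "discover and filter attacks" before correlation.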
