
Network alerts depth information fusion method based on time confrontation (基于时间对抗的网络报警深度信息融合方法)

Cited by: 6
Abstract: Current network alert information fusion methods take a single point in time as their processing unit and therefore cannot cope with network attacks that are increasingly stealthy and long-lasting. To address this, a network alert depth information fusion method based on time confrontation is proposed. Facing a multi-source heterogeneous alert data stream, the method first collects and stores the alerts falling within a longer time window, then clusters them with a sliding-window stream clustering algorithm, and finally introduces a window attenuation factor to deeply fuse the clustered alerts. Experimental results on real data show that, compared with fusion based on basic DS evidence theory (Basic-DS) and exponentially weighted DS evidence theory (EWDS), the method achieves a higher detection rate and a lower false-positive rate, while its reduction rate is slightly lower because of the longer time window; practical testing and performance analysis also show that the algorithm has a small delay, detects network attacks more effectively, and can run in real time.

Abstract (English, as published): Due to using a single point in time for the processing unit, current network alerts information fusion methods cannot adapt to the network attacks with high concealment and long duration. Aiming at this problem, a network alerts depth information fusion method based on time confrontation was proposed. In view of multi-source heterogeneous alerts data flow, firstly, the alerts were collected and saved in a long time window. Then the alerts were clustered using a clustering algorithm based on sliding window. Finally, the alerts were fused by introducing window attenuation factor. The experimental results on real data set show that, compared with Basic-DS and EWDS (Exponential Weight DS), the proposed method has higher True Positive Rate (TPR) and lower False Positive Rate (FPR), as well as lower Data to Information Rate (DIR) because of the longer time window. Actual test and theoretical analysis show that the proposed method is more effective on detecting network attacks, and can satisfy real-time processing with less time delay.
Affiliation: Information Engineering University (信息工程大学)
Source: 《计算机应用》 (Journal of Computer Applications), CSCD, Peking University core journal, 2016, No. 2, pp. 499-504 (6 pages)
Funding: National Natural Science Foundation of China project (61309013)
Keywords: heterogeneous data flow; network alert; depth information fusion; time confrontation; attenuation factor

