摘要
针对现有的网络入侵检测系统中Snort报警数据聚合方法数据读取方法单一,存在相似度计算可靠性不高的问题,提出了一种基于角标随机读取的Snort报警数据聚合方法。该方法打破了常规的数据顺序读取方式,采用角标随机读取算法实现报警数据按月分段,并且段内随机聚合比较,从而灵活计算相邻报警数据的属性相似度。通过搭建真实数据采集平台对该方法进行了验证,并与相关研究工作进行了比较。实验结果表明,该方法能提高Snort报警数据聚合率和系统检测率,降低系统误报率。
Aiming at the problems that the Snort alarm data aggregation method in the existing network intrusion detection system is too unitary and has a low reliability in similarity computation,a Snort alarm data aggregation algorithm based on random read of angle marks is proposed.This method breaks through the conventional data sequential reading method,uses the Marker Random Reading algorithm to realize alarm data segmentation by month,and randomly aggregates and compares in every segment,so that the attribute similarity of adjacent alarm data can be flexibly calculated.This method was verified by constructing a real data acquisition platform and compared with related research work.Experimental results show that this method effectively improves Snort alarm data aggregation rate and detection rate of system,and reduces the false alarm rate of system.
作者
陶晓玲
周理胜
龚昱鸣
TAO Xiaoling;ZHOU Lisheng;GONG Yuming(School of Computer Science and Engineering,Guilin University of Electronic Technology,Guilin 541004,China;Guangxi Colleges and Universities Key Laboratory of Cloud Computing and Complex Systems,Guilin University of Electronic Technology,Guilin 541004,China;School of Information and Communication,Guilin University of Electronic Technology,Guilin 541004,China)
出处
《桂林电子科技大学学报》
2019年第4期299-306,共8页
Journal of Guilin University of Electronic Technology
基金
国家自然科学基金(61363006)
广西自然科学基金(2016GXNSFAA380098)
广西科技重点研发计划(桂科AB17195045)
桂林电子科技大学研究生教育创新计划(2016JYCX94)
