Abstract
This paper analyzes in detail, from three aspects (working principle, configuration strategy, and alert format), why network intrusion detection systems (NIDS) produce a large volume of duplicate alerts and many false positives, and points out the harm this causes. It proposes using correlation analysis of alert information to tune the IDS configuration strategy and to identify attack behaviour; combining the conclusions of that analysis with vulnerability-scan results, it re-evaluates the network configuration and points out the problems present in the network, so that network security administrators can resolve them promptly and harden their systems, thereby improving the accuracy and practicality of the NIDS.
The paper analyzes the causes and harms of the large volume of alerts and false positives of Network Intrusion Detection Systems (NIDS) from the perspective of their working principle, configuration strategies, and alert format. It proposes tuning the configuration strategies and ascertaining the attacks by correlation analysis of the NIDS alerts. The network configuration is re-evaluated by combining the conclusions of the correlation analysis with the results of vulnerability scanning, and the problems in the network are pointed out so that the system administrator can deal with them in time and improve the security of the computers. All in all, the methods in the paper make the Network Intrusion Detection System more accurate and more practical.
Source
《计算机工程与应用》 (Computer Engineering and Applications)
CSCD
Peking University Core Journal
2003, No. 19, pp. 14-16, 114 (4 pages)
Funding
National 973 Key Basic Research and Development Program project (No. G1999035806)
Chinese Academy of Sciences Knowledge Innovation Program major project (No. KJCX1-09)
Keywords
Intrusion detection system
Correlation analysis
Correlation
Pattern matching