Similar Literature
 20 similar documents found; search took 46 ms
1.
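This paper examines in depth the current state of alert correlation techniques, analyzes the principles of existing correlation techniques and classifies them accordingly, compares the strengths and weaknesses of each class of methods, and summarizes the open problems and directions for further research.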

2.
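To address the problems that distributed intrusion detection and network security early warning need to solve, multi-sensor data fusion techniques are studied. Based on an analysis of the various complex relationships among IDS alerts, a real-time alert fusion model is proposed, and an alert fusion processing system is built on this model. Alerts from multiple heterogeneous IDS sensors are fused in real time to form an attack sequence graph of the intrusion events, on the basis of which threat assessment and attack prediction are performed. In this model...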

3.
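To address the problems that distributed intrusion detection and network security early warning need to solve, this paper studies multi-sensor data fusion techniques. Based on an analysis of the various complex relationships among IDS alerts, a real-time alert fusion model is proposed, and an alert fusion processing system is built on this model. Alerts from multiple heterogeneous IDS sensors are fused in real time to form an attack sequence graph of the intrusion events, on the basis of which threat assessment and attack prediction are performed. The model is extended with a missed-alert inference function to reduce the impact of missed alerts, so that the resulting attack scenarios are more complete. Experimental results show that the fusion processing system built on this model performs well in practice, with high accuracy and a high alert reduction rate.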

4.
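An Intrusion Detection System Model Based on Alert Data Correlation   Total citations: 1 (self-citations: 0, citations by others: 1)
Intrusion detection is an important means of safeguarding network security. Correlation analysis of the alerts produced by intrusion detection systems has become an important and practical way to improve their detection performance. This paper proposes a distributed intrusion detection alert data correlation model, which uses alert clustering and high-level event correlation to eliminate or reduce duplicate alerts, lower the false alarm rate, and uncover high-level attack strategies. Finally, an algorithm implementing alert clustering correlation is given; it clusters alerts by computing the similarity of alert data.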

5.
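Research on an Intrusion Detection Alert Analysis System Based on the LRE Algorithm   Total citations: 1 (self-citations: 0, citations by others: 1)
宋广军 (Song Guangjun), 孙振龙 (Sun Zhenlong). 《计算机应用》 (Journal of Computer Applications), 2008, 28(7): 1776-1778
To address the efficiency problems of current association rule mining algorithms when processing massive data, an improved association rule mining algorithm is proposed: LRE, a recursive reduction mining algorithm based on a one-dimensional linked list. The LRE algorithm is applied to intrusion detection systems, and a model of an intrusion alert analysis system is designed. Finally, experiments demonstrate the effectiveness of the LRE algorithm in reducing the number of intrusion alerts and lowering the false positive rate.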

6.
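吕林涛 (Lü Lintao), 李磊 (Li Lei). 《计算机工程》 (Computer Engineering), 2008, 34(23): 150-152
Building on Colored Petri Net (CPN) theory, and targeting the "alert fatigue" problem in current intrusion detection, CPN attack templates are constructed, partitioned according to the privileges an intruder can obtain. By sequentially correlating low-level, discrete alerts, the entire course of a multi-step attack is presented. The correlation method uses only a limited number of templates, making it simpler and easier to implement than earlier methods. It also lets security personnel predict and assess the security state of the network from the perspective of the attack capabilities the intruder acquires.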

7.
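Research on Data-Mining-Based Correlation Analysis of Intrusion Detection Alerts   Total citations: 2 (self-citations: 0, citations by others: 2)
Correlation analysis can greatly reduce the number of alerts, lower the intrusion detection false positive rate, and moderately reduce the intrusion detection false negative rate. Introducing alert correlation analysis into intrusion detection systems is therefore of considerable practical importance. Alert correlation analysis for intrusion detection has been widely studied. Data-mining-based alert correlation analysis can automatically extract correlation rules, analyze alerts, and discover new intrusion patterns, making it a comparatively intelligent solution. This paper studies data-mining-based correlation analysis of intrusion detection alerts in some detail.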

8.
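How can we obtain security alerts as early as possible to protect our systems from threats? By using the security information services available on the Internet, alerts can be obtained in a timely manner.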

9.
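Security incidents in online banking are frequent. Weak security awareness among users is certainly one factor, but more importantly, the underlying weaknesses of online banking itself have not been properly resolved.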

10.
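李鹏 (Li Peng), 赵逢禹 (Zhao Fengyu). 《计算机科学》 (Computer Science), 2013, 40(10): 159-161, 189
During software development, software defects tend to propagate. This propagation means that defects do not exist independently but are correlated with one another, so software defect correlation analysis is important for defect removal, software quality assurance, and process improvement. Starting from the causes of software defect correlation, and based on object-oriented analysis and design models, this paper analyzes the propagation process of software defects and studies the relationship between object associations and software defect correlations. Based on the defect propagation process, tree-structured correlation rules and feature-similarity correlation rules are established. Finally, the steps for establishing the two kinds of correlation rules are described, and a software prototype for building tree-structured and feature-similarity correlations is developed.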

11.
《Ergonomics》2012,55(11):2145-2154

12.
The objective of this research was to identify aspects of warnings that will reduce online disclosure of personal information, specifically aspects that people do not consider sensitive. The vast majority of online commercial websites collect personal data, and many consumers report cybercrime events, such that identity theft is a significant risk. Most people can be uniquely identified by the combination of their birth date, age, and gender. This is problematic, since people do not believe these identity elements to be important to safeguard. Participants were asked to provide personal information to receive an online insurance quote. Participants in experimental conditions were warned not to disclose their date of birth. The experimental manipulations were (a) the vividness of the warnings and (b) whether an alternative to disclosure was recommended. Analyses indicated that providing an alternative to disclosure proved to be an effective strategy to reduce disclosure. Personal information disclosure can be reduced through warnings, but warnings need to be carefully designed and tested. Clear recommendations for alternative behavior may be especially effective. Designers of warnings and alerts can use the principles identified in this research to make their messages more effective.

13.
14.
15.
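Buffer overflow vulnerabilities are a serious class of security defect. Both dynamic testing and static analysis techniques exist for detecting buffer overflow defects. The effectiveness of dynamic testing depends on the design of the test cases, and it often introduces execution overhead. Static analysis techniques and automated tools are widely used for buffer overflow detection, but because static analysis adopts a conservative strategy, its results often contain a very large number of false positives that must be screened by further manual confirmation. Manually confirming static analysis results is time-consuming and error-prone, which severely limits the practicality of static analysis. Symbolic execution replaces concrete inputs with symbols, and can systematically explore a program's state space and generate high-coverage test cases. This paper proposes a method for confirming static buffer overflow alerts based on target-guided symbolic execution, using the output of a static analysis tool as targets to guide symbolic execution in confirming alerts. The method has three steps. First, the reachability of the alert path fragments reported by static analysis is checked in the interprocedural control flow graph, and the set of reachable alert path fragments is mapped to a set of complete confirmation paths. Second, during symbolic execution, paths unrelated to the statements suspected of overflow are pruned, guiding symbolic execution along specific confirmation paths. Finally, at the suspected statement, the path constraints are collected and the overflow condition is added, and the static analysis alerts are classified according to the constraint solving results. Based on this method we implemented a prototype tool, BOVTool. Experimental results show that on real open-source programs BOVTool can take the place of manual work and eliminate the inspection of 59.9% of buffer overflow false positives.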

16.
《Ergonomics》2012,55(11):2155-2163
Warnings in the workplace are analysed from the global perspective that they are not a substitute for, but rather a supplement to, good product design, employee selection, training, job design, supervision, and the provision of other forms of safety information including written procedures and checklists. An explanation is given for when and why these latter approaches will be more effective for reducing both errors and violations. Situations where warnings will be useful and further areas of research are also discussed.

17.
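Memory leaks are a common and hard-to-find defect in C/C++ programs that has long troubled software developers; for long-running programs and system software in particular, the consequences of a memory leak are very serious. There are currently two main approaches to memory leak detection: static analysis and dynamic testing. Dynamic testing actually runs the program, which incurs considerable overhead and depends on the quality of the test cases. Static analysis techniques and automated tools are widely used in academia and industry for memory leak detection, but because static analysis adopts a conservative strategy, its results often contain a very large number of false positives that must be screened by further manual confirmation. Manually confirming static analysis results is time-consuming and error-prone, which severely limits the practicality of static analysis. This paper proposes an automated method for confirming static memory leak alerts based on concolic testing. First, for the static memory leak alerts that static analysis reports for the target program, control flow analysis is performed on the target program and the reachability of each alert is computed, producing guidance information. Second, concolic testing of the target program is carried out based on the alert guidance information. Finally, during concolic testing, the state of memory objects is monitored and tracked to determine whether a memory leak occurs, so that static alerts are dynamically confirmed and classified. Experimental results show that the method can effectively classify static memory leak alerts and significantly reduces the manual confirmation workload. For experimental details see: http://ssthappy.github.io/memleak/.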

18.
Identity theft is an increasing threat to individuals, institutions, and the economy. People are often not adequately cautious with the disclosure of their personal information in digital contexts and may make poor decisions to reveal private information. Warnings reduce unnecessary information exposure, but the effectiveness may depend on source credibility and expertise on influencing risk perceptions and attitudes. The warnings must be designed for users acting in a digital context. The current research was conducted to determine whether adding a trustworthy and expert source to a message that warned individuals not to disclose their personal information would impact decisions to disclose. First, a survey (pilot study) was conducted to identify the source considered the most trustworthy (among Google, FBI Cyber Division, and Department of Justice) and competent with respect to online security. Google received the highest ratings. In a later experiment, warnings with sources did reduce the extent of disclosure, with the FBI Cyber Division (not Google) being the most effective source. The results indicate that warnings need to be tested with respect to the actual target behavior (in this case, disclosure), rather than relying on individuals’ perceptions of trust, risk, or influence of a warning message when designing effective warnings.

19.
This study investigates how people interpret Wireless Emergency Alerts (WEAs) and Twitter‐length messages (‘tweets’) delivered over mobile devices for an unfamiliar hazard. Specifically, through four (N = 31) focus groups and 31 think‐out‐loud interviews, participants’ understanding of, belief in and personalisation of WEAs and tweets were assessed for a mock improvised nuclear device detonation in a major U.S. metropolitan area. While participants offered a wide variety of interpretations, WEAs and tweets were often deemed confusing, difficult to believe and impersonal. Participants also consistently found WEAs and tweets to be fear inducing and uninformative. The findings compel improvements in the way that WEAs and tweets are currently written, as well as indicate future directions for applied risk and crisis communication theory development.

20.
We measured reported User Affective Experience (UAX) anticipated to pop-up warnings that unexpectedly appear during computer use. Such warnings, designed to protect the user, are often ignored, suggesting the influence of nonrational factors. Emotions can both enhance and undermine effective decision-making, but in the decision literature they are typically defined and measured simply in terms of positive and negative valence. We examined discrete emotions anticipated when pop-up warnings appear, including specific positive, negative, individualist, and prosocial emotions based upon affective neuroscience. Forty-five emotions associated with receiving warnings associated with failing to update software, both in relaxed online sessions and sessions involving time and attention pressures, were assessed for underlying measurement structure. Four hundred participants were recruited via Mechanical Turk and reported about specific emotions presented in random order. Exploratory structural equation modeling analyses revealed four reliable latent factors for relaxed (R) and pressured (P) conditions: Positive Affect, Anxiety, Hostility, and Loneliness. P conditions were higher in reported Anxiety, Hostility, and Loneliness and lower in reported Positive Affect. Men reported higher feelings of Hostility and Loneliness; women reported higher Anxiety. Implications are discussed for designing pop-up warnings and also more generally regarding conceptualizing and measuring user experience.
