| 基于报警序列的入侵场景自动构建 |
| |
| 引用本文: | 郭帆,涂风涛,余敏. 基于报警序列的入侵场景自动构建[J]. 计算机应用, 2009, 29(8) |
| |
| 作者姓名: | 郭帆 涂风涛 余敏 |
| |
| 作者单位: | 江西师范大学,计算机信息工程学院,南昌,330022;南昌师范高等专科学校,计算机系,南昌,330006 |
| |
| 基金项目: | 国家重点基础研究发展规划(973计划),江西师范大学博士基金 |
| |
| 摘 要: | 传统的入侵检测系统(IDS)由于其规则的抽象程度较低,导致一次攻击行为会产生大量重复和相关报警.研究表明,入侵场景可提供较高层次的抽象来表示攻击过程,但是已有研究方法均无法在线生成入侵场景.提出一种自动构建入侵场景的方法,将原始报警按照(源,目标)IP对和优先级分类成不同超报警序列集合,从中挖掘频繁闭序列作为入侵场景.在Darpa数据集上的实验表明,该方法可以满足在线运行,并可有效发现攻击过程.
|
| 关 键 词: | 入侵检测 入侵场景 超报警序列 频繁闭序列 |
Automatic intrusion scenario construction by mining hyper-alert sequences |
| |
| GUO Fan,TU Feng-tao,YU Min. Automatic intrusion scenario construction by mining hyper-alert sequences[J]. Journal of Computer Applications, 2009, 29(8) |
| |
| Authors: | GUO Fan TU Feng-tao YU Min |
| |
| Affiliation: | 1. College of Computer Information and Engineering;Jiangxi Normal University;Nanchang Jiangxi 330022;China;2. Department of Computer Science;Nanchang Normal Institute;Nanchang Jiangxi 330006;China |
| |
| Abstract: | Traditional Intrusion Detection System (IDS) always produces a great number of raw alerts for the same attack, due to lower abstract representation of the detection rules. Researchers use intrusion scenarios to describe complicated attack procedures at a high abstract level, while, to our best knowledge, none is able to produce the scenarios online. An automatic intrusion scenario construction method was proposed. According to the attributes of the raw alerts, the method firstly clustered them into differen... |
| |
| Keywords: | intrusion detection intrusion scenario hyper-alert sequence frequent closed sequence |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
