| 利用模糊聚类实现入侵检测告警关联图的重构 |
| |
| 引用本文: | 马琳茹,杨 林,王建新,唐 鑫.利用模糊聚类实现入侵检测告警关联图的重构[J].通信学报,2006,27(9):47-52. |
| |
| 作者姓名: | 马琳茹 杨 林 王建新 唐 鑫 |
| |
| 作者单位: | 1. 国防科学技术大学,电子科学与工程学院,湖南,长沙,410073;总参第61研究所,北京,100039
2. 总参第61研究所,北京,100039 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 众多的入侵检测告警关联方法中,因果关联是最具代表性的方法之一。针对因果关联在一些条件下会引发关联图分裂的问题,提出利用模糊聚类的方法实现攻击场景重构。在聚类过程中,针对告警特性提出一种基于属性层次树的相似度隶属函数定义方法,并给出评价相似度度量和衡量攻击场景构建能力的若干指标。实验结果表明,该方法能够有效地组合分裂的关联图,重构攻击场景。
|
| 关 键 词: | 告警关联 攻击场景重建 模糊聚类 相似度隶属函数 |
| 文章编号: | 1000-436X(2006)09-0047-06 |
| 收稿时间: | 2006-01-13 |
| 修稿时间: | 2006-06-09 |
Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection |
| |
| MA Lin-ru,YANG Lin,WANG Jian-xin,TANG Xin.Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection[J].Journal on Communications,2006,27(9):47-52. |
| |
| Authors: | MA Lin-ru YANG Lin WANG Jian-xin TANG Xin |
| |
| Abstract: | Causal correlation method was one of the most representative methods for instruction detection alert correla-tion. In some conditions, the correlation graph would be split because of loss of causal information. In order to solve the problem, an algorithm was proposed to reconstruct attack scenario using fuzzy clustering. A new similarity membership function based on the attribute hierarchy tree was defined in the process of clustering. Furthermore, the evaluation method and indexes were put forward to describe the ability of reconstructing attack scenario. The experimental results indicate that this algorithm is valid to combine the split correlation graph and reconstruct attack scenario. |
| |
| Keywords: | alert correlation attack scenario reconstruction fuzzy clustering similarity membership function |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
