| 入侵检测报警聚合与关联系统设计与实现 |
| |
| 引用本文: | 胡军,左明,杨松.入侵检测报警聚合与关联系统设计与实现[J].微计算机信息,2007,23(36):47-49. |
| |
| 作者姓名: | 胡军 左明 杨松 |
| |
| 作者单位: | 1. 中国矿业大学计算机科学与技术学院,江苏徐州,221008
2. 中国矿业大学网络中心,江苏徐州,221008 |
| |
| 摘 要: | 入侵检测系统的大部分报警事件之间都存在某种联系。通过对这些报警的聚合与关联能够消除或减少重复报警,降低误报率及发现高层多步攻击策略。论文设计并实现了一种报警聚合与关联系统,系统主要包括报警聚合、报警校验、多步攻击报警关联和报告分析与规则控制等部分。实验证明:该系统能够减少报警数量,并能识别攻击意图,达到预警的目的。
|
| 关 键 词: | 入侵检测 报警聚合 报警关联 报警校验 |
| 文章编号: | 1008-0570(2007)12-3-0047-03 |
| 收稿时间: | 2007-09-23 |
| 修稿时间: | 2007-11-05 |
Design and Implementation of Intrusion Detection Alerts Aggregation and Correlation System |
| |
| HU JUN,ZUO MING,YANG SONG.Design and Implementation of Intrusion Detection Alerts Aggregation and Correlation System[J].Control & Automation,2007,23(36):47-49. |
| |
| Authors: | HU JUN ZUO MING YANG SONG |
| |
| Abstract: | The alert events detected by Intrusion Detection System are usually interrelated in certain respects. Through aggregating and correlating of these alerts , the system can eliminate or reduce numbers of the same alerts , decrease false positive rate,and discover the high level multi-step attack policy. This paper presents an intrusion alerts aggregating and correlating system, which is mainly composed of aggregation analysis, alerts verification and multi-step attack correlatlon,etc. Experiments show that the system is effective in reducing the number of alerts.and can warn according to attack intention identified. |
| |
| Keywords: | Intrusion detection Alerts aggregation Alerts Correlation Alerts verification |
| 本文献已被 维普 万方数据 等数据库收录! |
|
