| 网络入侵报警信息实时融合处理模型 |
| |
| 引用本文: | 段祥雯,杨兵,张怡.网络入侵报警信息实时融合处理模型[J].计算机工程与应用,2012,48(13):57-62,104. |
| |
| 作者姓名: | 段祥雯 杨兵 张怡 |
| |
| 作者单位: | 国防科学技术大学计算机学院,长沙,410073 |
| |
| 基金项目: | 国家自然科学基金(No.61003303);国家高技术研究发展计划(863)(No.2009AA01Z432) |
| |
| 摘 要: | 针对分布式入侵检测和网络安全预警所需要解决的问题,对多传感器数据融合技术进行了研究。在分析IDS警报信息之间的各种复杂关系的基础上,提出了一个警报信息实时融合处理模型,并根据该模型建立警报信息融合处理系统。实时融合来自多异构IDS传感器的警报信息,形成关于入侵事件的攻击序列图,在此基础上进行威胁评估及攻击预测。该模型拓展了漏报推断功能,以减少漏报警带来的影响,使得到的攻击场景更为完整。实验结果表明,根据该模型建立的融合处理系统应用效果好,具有很高的准确率和警报缩减率。
|
| 关 键 词: | 入侵检测 警报关联 警报融合 |
Model of network intrusion alerts real-time fusion |
| |
| DUAN Xiangwen
,
YANG Bing
,
ZHANG Yi.Model of network intrusion alerts real-time fusion[J].Computer Engineering and Applications,2012,48(13):57-62,104. |
| |
| Authors: | DUAN Xiangwen YANG Bing ZHANG Yi |
| |
| Affiliation: | School of Computer Science, National University of Defense Technology, Changsha 410073, China |
| |
| Abstract: | To resolve the problem which distributed intrusion detection and network attack warning system has to confront, multi-sensor data fusion techniques are studied. Based on the analysis of various complex relationships of IDS alerts, this paper presents an alerts information real-time fusion model. An alerts information real-time fusion system based on it is realized, which can real-time fuse alarms from various heterogeneous IDS sensors, generate attack sequence view about intrusion, evaluate threaten and predict potential attacks. Furthermore, the function of reasoning false negative is introduced, which aims at reduce adverse effects of missed alerts and builds more integrated attack scenarios. Experimental results show that the real-time fusion system on this model works effectively, it has high accuracy and high alarm reduction rate. |
| |
| Keywords: | intrusion detection alert correlation alert fusion |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
