| 利用关联和风险评估方法减少误报和漏报 * |
| |
| 引用本文: | 赵彬,王亚弟,李立新,李鼎.利用关联和风险评估方法减少误报和漏报 *[J].计算机应用研究,2008,25(10):3105-3107. |
| |
| 作者姓名: | 赵彬 王亚弟 李立新 李鼎 |
| |
| 作者单位: | 解放军信息工程大学,郑州,450004 |
| |
| 基金项目: | 国防预研基金重点资助项目 ( 9140 A26010306 JB5201) |
| |
| 摘 要: | 高误报和漏报率是入侵检测系统面临的主要问题。提出了一种利用关联和风险评估的方法 ,利用构建的安全关联模型 ,计算出每个安全事件 (如告警事件、系统安全日志记录等 )的实时风险值 ,对风险值较高的事件给出新的警告 ,并摈弃那些风险值较低的事件 ,从而降低漏报和误报率。实验结果表明 ,利用这种方法实现的事件关联系统能够显著降低检测系统的误报和漏报率。
|
| 关 键 词: | 入侵检测 关联 风险评估 误报 漏报 |
Reducing false positive and false negative by correlation and risk assessment |
| |
| ZHAO Bin,WANG Ya-di,LI Li-xin,LI Ding.Reducing false positive and false negative by correlation and risk assessment[J].Application Research of Computers,2008,25(10):3105-3107. |
| |
| Authors: | ZHAO Bin WANG Ya-di LI Li-xin LI Ding |
| |
| Affiliation: | ( PLA Information Engineering University, Zhengzhou 450004, China) |
| |
| Abstract: | The main problems facing intrusion detection systems are high false positive rate and false negative rate. This paper proposed a correlation and risk assessment approach to solve these problems, which exploited constructed security correlation model to compute real-time risk for every security event( such as alert, operating system log record, and so on) , and gave out new alerts for high risk events while discard low risk ones so as to reduce false positive and false negative rate. The initial test results of event correlation system show that this approach dramatically reduces the rate of false positive and false negative rate of intrusion detection systems. |
| |
| Keywords: | intrusion detection correlation risk assessment false positive false negative |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
