Intrusion-Detection Alerts Processing Based on Fuzzy Comprehensive Evaluation (Chinese version)
Cite this article: 穆成坡, 黄厚宽, 田盛丰, 林友芳, 秦远辉. 基于模糊综合评判的入侵检测报警信息处理 [J]. 计算机研究与发展 (Journal of Computer Research and Development), 2005, 42(10): 1679-1685.
Authors: 穆成坡 (Mu Chengpo), 黄厚宽 (Huang Houkuan), 田盛丰 (Tian Shengfeng), 林友芳 (Lin Youfang), 秦远辉 (Qin Yuanhui)
Affiliation: School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
Funding: National Natural Science Foundation of China (60442002); Beijing Jiaotong University Science and Technology Foundation (2004SM010)
Abstract: A method based on fuzzy comprehensive evaluation is proposed for processing the alerts produced by intrusion detection systems and for correlating alert events. A supervised method for learning a confidence metric is introduced, and the learned confidence is used to filter the alerts further. Used together, these techniques aim to lower the false-positive rate, reduce duplicate alerts, and gradually ease the workload of network administrators. The event correlation achieved through fuzzy evaluation helps reveal an intruder's sequence of actions, lays the groundwork for threat analysis of events and for intrusion-response decisions, and makes it easier to integrate different security products into a layered defence of the network system.

Keywords: intrusion detection; alert correlation; alert processing; fuzzy comprehensive evaluation
Received: 2004-06-24
Revised: 2004-06-24, 2005-05-30

Intrusion-Detection Alerts Processing Based on Fuzzy Comprehensive Evaluation
Mu Chengpo,Huang Houkuan,Tian Shengfeng,Lin Youfang,Qin Yuanhui.Intrusion-Detection Alerts Processing Based on Fuzzy Comprehensive Evaluation[J].Journal of Computer Research and Development,2005,42(10):1679-1685.
Authors:Mu Chengpo  Huang Houkuan  Tian Shengfeng  Lin Youfang  Qin Yuanhui
Abstract: An algorithm based on fuzzy comprehensive evaluation for correlating the alerts produced by intrusion detection systems is presented. The paper also gives an approach to learning a confidence metric for each type of alert, which can be used to filter alerts further. False-positive alerts and duplicate alerts can be reduced significantly by using both the correlation algorithm and the confidence learning method, and the workload of network administrators can be reduced gradually. In addition, the correlated alerts help capture the logical steps or strategies behind attacks and choose appropriate actions to stop ongoing attacks. The approach can potentially be used to integrate different kinds of security tools in order to realize cooperative defence for network systems.
Keywords: intrusion detection; alert correlation; alert processing; fuzzy comprehensive evaluation
This article is indexed in CNKI, VIP (维普), Wanfang Data (万方数据) and other databases.