Similar documents
 Found 20 similar documents (search time: 62 ms)
1.
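To address the problems that distributed intrusion detection and network security early warning need to solve, multi-sensor data fusion technology is studied. Based on an analysis of the various complex relationships among IDS alerts, a real-time alert fusion processing model is proposed, and an alert fusion processing system is built according to this model. The system fuses, in real time, alerts from multiple heterogeneous IDS sensors to form an attack sequence graph of the intrusion events, on which threat assessment and attack prediction are then performed. The model adds a missed-alert inference function to reduce the impact of missed alerts, making the resulting attack scenario more complete. Experimental results show that the fusion processing system built on this model works well in application, with high accuracy and a high alert reduction rate.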

2.
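To address the problems that distributed intrusion detection and network security early warning need to solve, the paper studies multi-sensor data fusion technology. Based on an analysis of the various complex relationships among IDS alerts, a real-time alert fusion processing model is proposed, and an alert fusion processing system is built according to this model. The system fuses, in real time, alerts from multiple heterogeneous IDS sensors to form an attack sequence graph of the intrusion events, on which threat assessment and attack prediction are then performed. The model adds a missed-alert inference function to reduce the impact of missed alerts, making the resulting attack scenario more complete. Experimental results show that the fusion processing system built on this model works well in application, with high accuracy and a high alert reduction rate.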

3.
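To address the problems that distributed intrusion detection and network security early warning need to solve, multi-sensor data fusion technology is studied. Based on an analysis of the various complex relationships among IDS alerts, a real-time alert fusion processing model is proposed, and an alert fusion processing system is built according to this model. The system fuses, in real time, alerts from multiple heterogeneous IDS sensors to form an attack sequence graph of the intrusion events, on which threat assessment and attack prediction are then performed. In this model...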

4.
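For a single traditional intrusion detection system, heterogeneity and autonomy mean that the alerts raised for the same attack behaviour differ greatly in content, level of detail, uncertainty and other respects, which produces large numbers of duplicate alerts. These numerous, repetitive alerts not only degrade the performance of the intrusion detection system but also fail to reflect the complete hacker intrusion process. To analyse and process intrusion alerts effectively, an intrusion scenario construction model, BPCRISM, is proposed. Using the closeness of the alerts' detection-time attribute, it divides alert correlation into two broad classes: probabilistic alert correlation and causal alert correlation. Algorithms for probabilistic and causal correlation are then given, and the complete hacker attack flow is identified and the intrusion scenario reconstructed from the correlated alerts. After an initial implementation, the model was tested with the DARPA Cyber Panel Program Grand Challenge Problem Release 3.2 (GCP) intrusion scenario simulator; the experimental results verify the model's effectiveness.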

5.
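An intrusion detection system model based on alert data correlation   Total citations: 1, self-citations: 0, citations by others: 1
Intrusion detection is an important means of safeguarding network security. Correlation analysis of the alerts produced by intrusion detection systems has become an important and practical way to improve their detection performance. This paper proposes an alert data correlation model for distributed intrusion detection. Through alert data clustering and high-level event correlation, the model eliminates or reduces duplicate alerts, lowers the false alarm rate, and uncovers high-level attack strategies. Finally, an algorithm implementing alert clustering and correlation is given; it clusters alerts by computing the similarity of alert data.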

6.
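To improve the credibility of alerts in distributed intrusion detection models, this paper proposes an intrusion detection model based on correlating alert events from multiple sources. Through filtering, reduction and fusion of alert data and multi-source alert event correlation, the model reduces duplicate alerts, lowers the false alarm rate, and improves detection accuracy.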

7.
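Alert data analysis is one of the important functions of an intrusion detection system. This paper studies analysis models and key techniques for alert data. According to the position and semantic level of alert data in practical use, a hierarchical analysis model for alert data is proposed, and key techniques are studied, including a real-time alert reduction algorithm, an alert fusion method based on text clustering, and an alert correlation analysis method based on naive Bayes classification. These models and methods can effectively reduce the volume of alert data, refine the analysis results, and provide threat analysis reports.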

8.
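Research on an intrusion detection alert analysis system based on the LRE algorithm   Total citations: 1, self-citations: 0, citations by others: 1
Song Guangjun, Sun Zhenlong. 《计算机应用》 (Journal of Computer Applications), 2008, 28(7): 1776-1778
To address the efficiency problems of current association rule mining algorithms when processing massive data, an improved association rule mining algorithm is proposed: LRE, a recursive reduction mining algorithm based on a one-dimensional linked list. LRE is applied to intrusion detection, and a model of an intrusion alert analysis system is designed. Finally, experiments demonstrate the effectiveness of LRE in reducing the number of intrusion alerts and lowering the false positive rate.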

9.
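Based on data from a typical vinyl acetate chemical process model and real alarm data from the British Petroleum (BP) Kwinana refinery, the paper studies how mining sets of correlated alarm tags in chemical processes can support rationalised alarm settings, and proposes event segmentation and data filtering based on cross-effect tests.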

10.
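Wang Jing. 《计算机安全》 (Computer Security), 2010, (5): 56-58, 63
To solve the problem of IDSs producing large numbers of similar or useless alerts, alert fusion techniques need to be applied to the alert information. Building on existing algorithms, an alert aggregation algorithm is designed. It effectively reduces the number of useless alerts while keeping alert processing timely, preparing the ground for later correlation work.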

11.
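Current intrusion detection techniques have inherent shortcomings, such as incomplete rule bases in signature detection and models in anomaly detection that do not fully match real attacks. The false positives and false negatives caused by these shortcomings are a major bottleneck to their development. Honeypot/net is a new security technology: by deploying honeypots to collect attack information, then organising this information and passing it to the IDS, some weaknesses of intrusion detection can be compensated for, lowering the IDS's false positive and false negative rates. The feasibility of this idea is analysed and a design is proposed. The design includes a piece of Honeynet Software that links the Honeynet console and the NIDS console and performs functions such as extracting new patterns and passing on attack information. The system was evaluated with the DARPA (1999) data set; the results show that for the DOS, PROBE, U2R and U2L attack types it has a lower false positive rate than other NIDSs. Analysis of several detection cases shows that the system has a considerable advantage over the original NIDS in detecting novel attacks, encrypted attacks and DDoS.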

12.
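The basic principle of the ground-sound (seismic) detector and the frequency characteristics of the SN-4 digital geophone are briefly introduced. The focus is a fairly detailed discussion of the detector's alarm signal processing techniques, giving an implementation method for eliminating false alarms and the technical measure of using a discriminator to suppress co-frequency interference.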

13.
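The basic principle of the ground-sound (seismic) detector and the frequency characteristics of the SN-4 digital geophone are briefly introduced. The focus is a fairly detailed discussion of the detector's alarm signal processing techniques, giving an implementation method for eliminating false alarms and the technical measure of using a discriminator to suppress co-frequency interference.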

14.
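To address issues in software vulnerability detection such as vulnerability coverage and manual defect review, a software vulnerability discovery method based on soft sets and multi-attribute synthesis is proposed. First, an evaluation model of software vulnerability impact is built on the trusted integration of multiple detection tools. Next, soft sets are introduced to measure the factors that influence vulnerability impact. A multi-attribute synthesis integration tool then determines how severely each vulnerability affects software security, which completes the vulnerability discovery process. Experimental results show that the method detects vulnerabilities of different severity levels well and offers a feasible way to improve the false positive and false negative rates of software vulnerability detection.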

15.
This paper describes a fingerprint verification algorithm based on the orientation field. The orientation field of a fingerprint image has also been used for image alignment. Area around the core point has been employed as an area of interest for determining the orientation feature map. The algorithm has been tested on two databases (database available from University of Bologna, Biometrics Laboratory and FVC2002). The performance of the algorithm is measured in terms of receiver operating characteristics (ROC). For the University of Bologna database, at ∼0% false acceptance rate (FAR) the genuine acceptance rate (GAR) observed is ∼78% and at ∼11% FAR, GAR is ∼97%. For the FVC2002 database at ∼0% FAR the GAR observed is 75% and at ∼18% FAR, GAR is 93%. Proposed algorithm yields better GAR at low FAR with reduced computational complexity. Because of simplicity in computations the algorithm can be easily implemented as an embedded automatic fingerprint identification system (AFIS).

16.
Multivariate outlier identification requires the choice of reliable cut-off points for the robust distances that measure the discrepancy from the fit provided by high-breakdown estimators of location and scatter. Multiplicity issues affect the identification of the appropriate cut-off points. It is described how a careful choice of the error rate which is controlled during the outlier detection process can yield a good compromise between high power and low swamping, when alternatives to the Family Wise Error Rate are considered. Multivariate outlier detection rules based on the False Discovery Rate and the False Discovery Exceedance criteria are proposed. The properties of these rules are evaluated through simulation. The rules are then applied to real data examples. The conclusion is that the proposed approach provides a sensible strategy in many situations of practical interest.

17.
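Real-time intrusion detection technology describes techniques for monitoring intrusion, penetration and other types of computer misuse. The SBT technique introduced in this paper takes a new approach: it penalises each intruder and reports its own actions to the security administrator. The network system also does not need to spend much time handling intrusion events, which helps it deal with more intruders and improves detection efficiency.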

18.
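A discussion of the concept and connotation of intelligent BIT   Total citations: 6, self-citations: 0, citations by others: 6
Over the past 20 years, Built-in Test (BIT) technology has made notable progress from theory to application. It has become an effective way to improve the testability and maintainability of complex systems and is widely used in large military equipment and aerospace systems. This paper first gives an overview of the various problems that arise in BIT applications and of how the concept of intelligent BIT came to be proposed. Drawing on related research in China and abroad, it puts forward a preliminary concept of intelligent BIT and analyses in detail its main connotation and research content. Finally, it discusses the application value and potential of intelligent BIT in four areas: intelligent BIT design, detection, diagnosis and decision-making.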

19.
《Ergonomics》2012,55(9):1371-1389
Automation has changed the role of human operators from direct manual control to supervision. Their main task is to monitor whether system performance remains within pre-specified ranges and intervention is only required in unusual situations. One of the consequences is a loss of situation awareness, which significantly affects performance in abnormal, time-critical situations. The present study reports two experiments, both dealing with fault management in a maritime supervisory control task. The first experiment investigated to what extent false alarms would affect performance and diagnosis behaviour when multiple disturbances occurred. Thirty-nine students from maritime curricula diagnosed disturbances that could either be real or turn out to be a false alarm. The presence of false alarms not only affected the rate with which the subsystems under control were sampled, but it also increased problem-solving time. One of the reasons for suboptimal performance in dealing with fault propagation was tunnel vision: participants had a tendency to deal with disturbances sequentially. In the second experiment the effect of support on performance and diagnosis behaviour was investigated. Two types of support were distinguished: interactive support requiring participants to provide the symptom values and automatic support that directly provided the correct action. Thirty students from maritime curricula diagnosed disturbances with the help of either the interactive or the non-interactive support tool. The results indicated that even though both support tools gave the same advice on how to act, more incorrect actions were taken in the non-interactive support condition. Even though no differences in performance were found after the tool had been removed, it was shown that participants who were used to interactive support used a more structured problem-solving strategy than participants used to the non-interactive support. Consequences for system design are discussed.

20.
Current classification algorithms usually do not try to achieve a balance between fitting and generalization when they infer models from training data. Furthermore, current algorithms ignore the fact that there may be different penalty costs for the false-positive, false-negative, and unclassifiable types. Thus, their performance may not be optimal or may even be coincidental. This paper proposes a meta-heuristic approach, called the Convexity Based Algorithm (CBA), to address these issues. The new approach aims at optimally balancing the data fitting and generalization behaviors of models when some traditional classification approaches are used. The CBA first defines the total misclassification cost (TC) as a weighted function of the three penalty costs and the corresponding error rates as mentioned above. Next it partitions the training data into regions. This is done according to some convexity properties derivable from the training data and the traditional classification method to be used in conjunction with the CBA. Next the CBA uses a genetic approach to determine the optimal levels of fitting and generalization. The TC is used as the fitness function in this genetic approach. Twelve real-life datasets from a wide spectrum of domains were used to better understand the effectiveness of the proposed approach. The computational results indicate that the CBA may potentially fill in a critical gap in the use of current or future classification algorithms.
