Similar literature
19 similar documents found
1.
To address the problems that distributed intrusion detection and network security early warning must solve, multi-sensor data fusion technology is studied. Based on an analysis of the various complex relationships among IDS alert messages, a real-time alert fusion processing model is proposed, and an alert fusion processing system is built on that model. Alerts from multiple heterogeneous IDS sensors are fused in real time to form an attack sequence graph of the intrusion events, on which threat assessment and attack prediction are then carried out. In this model...

2.
To address the problems that distributed intrusion detection and network security early warning must solve, this article studies multi-sensor data fusion technology. Based on an analysis of the various complex relationships among IDS alert messages, a real-time alert fusion processing model is proposed, and an alert fusion processing system is built on that model. Alerts from multiple heterogeneous IDS sensors are fused in real time to form an attack sequence graph of the intrusion events, on which threat assessment and attack prediction are then carried out. The model is extended with a missed-alert inference function that reduces the impact of missed alerts and makes the resulting attack scenarios more complete. Experimental results show that the fusion processing system built on this model performs well in practice, with high accuracy and a high alert reduction rate.

3.
To address the problems that distributed intrusion detection and network security early warning must solve, multi-sensor data fusion technology is studied. Based on an analysis of the various complex relationships among IDS alert messages, a real-time alert fusion processing model is proposed, and an alert fusion processing system is built on that model. Alerts from multiple heterogeneous IDS sensors are fused in real time to form an attack sequence graph of the intrusion events, and threat assessment and attack prediction are carried out on that basis. The model extends the missed-alert inference function to reduce the impact of missed alerts and make the resulting attack scenarios more complete. Experimental results show that the fusion processing system built on this model performs well in practice, with high accuracy and a high alert reduction rate.

4.
A heuristic conceptual clustering algorithm for intrusion detection alerts   Total citations: 1, self-citations: 1, citations by others: 0
熊家军  陈新  李庆华 《计算机工程》2005,31(7):35-36,62
Intrusion detection systems are an important network security protection measure, but an IDS often triggers a large number of false alerts, overwhelming network security staff. Building on the finding that most false alerts are both repeated and frequent, this paper applies attribute-oriented induction, a conceptual clustering method, to look for the root causes of the large volume of false alerts an IDS produces, and implements a heuristic conceptual clustering algorithm for intrusion detection alerts. The algorithm effectively identifies false alerts and prevents over-generalization, reducing the burden on network security analysts.

5.
Facing the massive volume of alerts produced by intrusion detection systems (IDS), a false-alert removal method based on protocol parsing and a Transmission Control Protocol (TCP) finite state machine is proposed. For connectionless request/response protocols, the attack signature of the request packet and the return status code of the response packet are analyzed together to remove false alerts; for TCP, a finite state machine model of TCP packets is built on top of protocol analysis, and false alerts are removed by judging whether a series of packets belongs to the same TCP connection and whether it contains an attack sequence. Experimental results on the DARPA 2000 dataset show that the method lowers the false alarm rate by 59.47% on average and reaches a recognition rate of 76.67% for alerts on TCP and request/response protocols. The method is simple and effective, depends on the IDS's attack signature database, and can be implemented online as a plug-in.

6.
Multi-domain cooperative intrusion detection based on local decisions   Total citations: 1, self-citations: 0, citations by others: 1
In large-scale networks spanning multiple administrative domains, cooperative detection among IDS systems is increasingly distributed and localized. This paper proposes a cooperative IDS model in which information collection, exchange, evaluation, filtering and correlation analysis are driven by local security policy, describes methods for assessing the credibility of information shared between cooperating IDSs and for correlating incomplete alerts, and implements MDCI, a prototype cooperative IDS for large-scale multi-domain networks. The system effectively lowers the false positive and false negative rates of alert correlation analysis and improves the detection performance of cooperative IDS.

7.
To address the shortcomings of traditional intrusion detection systems, namely high false alarm rates, alert floods and isolated alerts, data fusion is introduced and a data fusion model for distributed intrusion detection is proposed. The model classifies alerts, fuses alerts from multiple IDSs using Dempster-Shafer (D-S) theory, correlates alerts with a prerequisite-and-consequence approach, and finally quantifies the degree to which the system is threatened, providing a framework and method for solving the problems above.

8.
In large-scale network environments, the alert data obtained by intrusion detection systems follow certain regularities. Building on this, an anomaly detection method based on alert event intensity is proposed; it uses a classified sample space together with Bayesian dynamic prediction to solve the time-effect problem of alert data. Analysis of experimental data shows that the method detects large-scale intrusion behavior well.

9.
The large volume of intrusion detection alerts prevents an IDS from being used effectively. This paper implements a conceptual clustering algorithm using attribute-oriented induction, improves it, and applies it to the study of intrusion detection alerts in order to reduce the number of false alerts.

10.
A high false alarm rate is a major problem of intrusion detection systems (IDS) and greatly undermines the credibility of detection results. The relationship between IDS credibility and the false positive rate, and the causes of the false alarm problem in anomaly-based IDS, are analyzed formally. Drawing on the biological immune system, a method based on artificial immune ideas is proposed that dynamically builds a profile of the normal system in order to suppress false alarms. Formal descriptions of antigens and antibodies and the concrete detection process are given, and simulation and comparative experiments are carried out. Theoretical analysis and experiments show that the method effectively lowers the false alarm rate of an IDS.

11.
To date, network administrators still sort through the alerts produced by intrusion detection systems (IDS) by hand, with the help of auxiliary tools, in order to obtain a high-level description of an attack. To fuse alert information from multiple intrusion detection systems effectively and improve alert accuracy, automatic alert clustering tools have been suggested for producing such high-level attack descriptions. In addition, automatic alert clustering tools can analyze threats effectively and fuse different information sources, such as those from different IDSs. This paper proposes a new alert clustering system that clusters alerts from multiple IDSs and produces attack descriptions. Experimental results show that summarizing attacks effectively through the alert clustering module produces high-level alerts and greatly reduces the number of alerts submitted to the administrator. Moreover, these high-level alerts can serve as the basis for further threat analysis.

12.
Alarms play an important prompting role in ensuring the safe operation of process industries, but a large number of alarm signals also trouble operators, preventing them from grasping the core information and making the judgments needed to take appropriate action. Multiple alarm signals are not independent but correlated, and a method for identifying these relationships from historical alarm data is proposed. Based on the alarm occurrence times of two alarm variables, it determines whether a correlation exists between them, along with its temporal order and causal strength. From the pairwise correlations, a correlation topology graph of multiple alarms is constructed. The method can be used in intelligent alarm management and provides technical support for improving the guidance value of alarm information.

13.
This driving simulator study focuses on false and missing alarms produced by a forward collision warning system and estimates the effect of alarm timing on driver response to alarm malfunction from the perspective of driver trust in alarms. The results show that drivers who experience late alarms are reluctant to respond to a false alarm and are not influenced by a missed alarm; however, drivers who experience early alarms tend to respond to a false alarm and suffer a delayed response to critical situations when a missing alarm happens. Furthermore, drivers whose judgement of trust is relatively high tend to exhibit delayed braking, compared with drivers that have lower levels of trust. Driver behaviour towards false and missed alarms may vary according to alarm timing and its influence on trust in alarms; moreover, impaired system effectiveness caused by alarm malfunction may be mitigated by manipulating alarm timing.

15.
With the rapid growth of telecom IPTV services, the bearer network keeps expanding and maintaining faulty equipment becomes increasingly difficult. When a device fails, quickly locating the faulty node in a large-scale network has become a major operations challenge. At present, fault alarms for bearer-network devices rely mainly on device performance logs, which produce many false alarms and do not scale to fault localization in large networks. Therefore, using tools such as Spark, an anomalous-node localization method based on terminal data is proposed, which first implements threshold alarms in combination with the network topology. It then uses device correlation and reliability as the basis of analysis to clean out the large number of false alarms generated during the alarm process and improve the precision of fault localization. Experimental results show that the method reaches a precision of 89% in bearer-network fault localization and has high practical value.

16.
Alarm management has been around for decades in telecom solutions. We have seen various efforts to define standardised alarm interfaces. The research community has focused on various alarm correlation strategies. Still, after years of effort in industry and research alike, network administrators are flooded with alarms; alarms suffer from poor information quality; and the costs of alarm integration have not decreased. In this paper, we explore the concept of 'alarm'. We define 'alarm' and alarm-type concepts by investigating the different definitions currently in use in standards and research efforts. Based on statistical alarm data from a mobile operator, we argue that operational and capital expenditures would decrease if alarm sources applied our alarm model.

17.
《Ergonomics》2012,55(9):1487-1488
Alarm fatigue has been recognised as a significant health technology safety risk. ‘Probability matching’, in which clinicians respond to the alarm at a rate identical to the perceived reliability of the alarm, has been postulated as a model to explain alarm fatigue. In this article, we quantitatively explore the implications of probability matching for systolic blood pressure alarms. We find that probability matching could have a profound effect on clinician response to the alarm, with a response rate of only 8.6% when the alarm threshold is 90 mm Hg and the optimal threshold for a systolic blood pressure alarm would only be 77 mm Hg. We use the mathematical framework to assess a mitigation strategy when clinicians have a limit to the capacity to respond. We find that a tiered alarm in which clinicians receive information on the severity of vital sign perturbation significantly improves the opportunity to rescue patients.

Practitioner Summary: Using a theoretical model, we predict that probability matching, a postulated model of clinician behaviour, can result in a profound decrease in clinician response to alarms for decreased blood pressure. A mitigating strategy is to create alarms that convey information on the degree of vital sign perturbation.

18.
As roadways become more congested, there is greater potential for automobile accidents and incidents. To improve roadway safety, automobile manufacturers are now designing and incorporating collision avoidance warning systems; yet, there has been little investigation of how the reliability of alarm signals might impact driver performance. We measured driving and alarm reaction performances following alarms of various reliability levels. In Experiment One, 70 participants operated a driving simulator while being presented console-emitted collision alarms that were 50%, 75%, or 100% reliable. In Experiment Two, the same participants were presented spatially generated collision alarms of the same reliability levels. The results were similar in both experiments: alarm and automobile swerving reactions were significantly better when alarms were more reliable; however, drivers still failed to avoid collisions following reliable alarms. These results emphasize that alarm designers should maximize alarm reliability while minimizing alarm invasiveness.

19.
For the fault localization problem in power communication networks, the situation in which a single device or link failure triggers fault alarms across a large connected component is analyzed, and a fault localization algorithm based on a fault propagation model and supervised classification learning is proposed. First, an improved fault propagation model is used to obtain a preliminary localization result that explains the current alarms with the fewest faults; then, by decomposing the fault-source/fault-alarm vector, the fault localization problem is transformed into a supervised classification problem in order to locate faults inside the alarm region; finally, guessed faulty devices and faulty links are added to refine the localization result and improve localization accuracy. Simulation results show that the proposed algorithm achieves a fault detection rate of 84% to 95% and has high fault localization reliability.
