基于环境信息改进入侵警报正确率

通常误用检测所定义之攻击特征仅限于单一信息，而经由单一信息所产生的警报，由于针对某些攻击无法精确做出判断，所以误报比例相对较高。在文中，针对误用网络型入侵检测系统建立一个警报过滤机制，该机制找出攻击成功时所需具备的环境务件。当入侵检测系统发现可疑入侵时，依据环境务件加以实时确认查核。根据这些环境异质信息，可明显减少误报的发生，并且不至于将重要的警报给删除。实验结果证明，所提出之过滤机制可以有效地减少误报，同时不影响检测率。

Improving the Efficiency of Intrusion Alarm Based on Environment Information

In intrusion detection systems adopting misuse detection methods,the attack signatures are mostly characterized with information from single data source.Without utilizing other available information,the accuracy of judgment made in generating alarm may not be satisfactory.This paper proposes an alarm filtering scheme to improve the efficiency of misuse-type network intrusion detection system.Through careful analysis,a preliminarily recognized attack threat can be verified against envrionment information in determining if an attack may really succeed before it is reported.The proposed scheme has been implemented.Experiment result shows,with the environment information,the occurrences of false alarm are obviously reduced and none of the real alarms are among those non-reported ones.