| 基于多源安全信息的IDS告警验证研究 |
| |
| 引用本文: | 王景新,王志英,戴葵. 基于多源安全信息的IDS告警验证研究[J]. 计算机应用, 2007, 27(8): 1910-1912 |
| |
| 作者姓名: | 王景新 王志英 戴葵 |
| |
| 作者单位: | 国防科学技术大学,计算机学院,长沙,410073;国防科学技术大学,计算机学院,长沙,410073;国防科学技术大学,计算机学院,长沙,410073 |
| |
| 摘 要: | 由于检测算法的不足以及对目标系统相关信息的忽视,当前的入侵检测系统(IDS)存在着告警泛滥、误报率高等不足,影响了应用效果。为解决这些问题,在对现有验证算法不足进行分析的基础上,提出了一种利用多源安全信息进行告警验证的方法。通过利用深度漏洞信息、系统状态监测信息等多源安全信息,根据相应的告警验证算法,对IDS原始告警信息进行验证。相关实验证明了该方法的有效性。
|
| 关 键 词: | 多源安全信息 告警验证 |
| 文章编号: | 1001-9081(2007)08-1910-03 |
| 收稿时间: | 2007-02-06 |
| 修稿时间: | 2007-02-06 |
IDS alert verification based on multi-source security information |
| |
| WANG Jing-xin,WANG Zhi-ying,DAI Kui. IDS alert verification based on multi-source security information[J]. Journal of Computer Applications, 2007, 27(8): 1910-1912 |
| |
| Authors: | WANG Jing-xin WANG Zhi-ying DAI Kui |
| |
| Affiliation: | College of Computer, National University of Defense Technology, Changsha Hunan 410073, China |
| |
| Abstract: | Due to the design flaws and the ignorance of the target system's information, there exist several shortages in the current intrusion detection systems, such as alert overload and high false alarm rate. To solve these problems, based on the analysis of the current alert verification algorithms, a new alert verification algorithm has been presented in this paper. By utilizing the multi source security information including vulnerability information, system security log and the system state inspection information, the raw IDS alert information generated by the intrusion detection system can be verified and filtered according to the verification algorithm. Experimental results have demonstrated the effectiveness of the verification algorithm. |
| |
| Keywords: | multi-source security information alert verification |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
