| 入侵检测中基于序列模式的告警关联分析 |
| |
| 引用本文: | 武斌,杨义先,郑康锋.入侵检测中基于序列模式的告警关联分析[J].电子科技大学学报(自然科学版),2009,38(3):415-418. |
| |
| 作者姓名: | 武斌 杨义先 郑康锋 |
| |
| 作者单位: | 1.北京邮电大学网络与交换技术国家重点实验室 北京 海淀区 100876 |
| |
| 基金项目: | 国家重点基础研究发展计划 |
| |
| 摘 要: | 提出一种基于序列模式的告警关联分析模型,实现对攻击告警的分析。该模型预处理部分利用网络拓扑信息和告警属性相似度隶属函数对原始告警进行过滤和融合;在WINEPI算法的基础上,考虑告警数据库增长的情况,提出一种告警的增量式序列模式挖掘算法,用于关联规则发现;在线关联模块匹配规则库形成攻击场景图,并预测未知攻击事件。使用2000 DARPA攻击数据集测试表明,该模型能够明显改善入侵检测系统的性能,验证了模型和算法的有效性。
|
| 关 键 词: | 告警关联 数据挖掘 增量式更新 入侵检测 序列模式 |
| 收稿时间: | 2008-01-21 |
Analysis of Alert Correlation Based on Sequential Pattern in Intrusion Detection |
| |
| Affiliation: | 1.State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications Haidian Beijing 100876 |
| |
| Abstract: | An alert correlation model based on sequential pattern is presented for the analysis of attacker alarm. Alerts are filtered and merged by means of the network information and similarity membership function first. In the alert correlation module, an incremental sequential algorithm based on WINEPI is employed aiming at the correlation rule mining when the rule database increases. The online correlation module matches rules and constructs attack scenarios. The experiment results with the 2000 defense advanced research projects agency (DARPA) intrusion detection scenario specific datasets indicate that the proposed alert correlation model can improve the performance of intrusion detection system (IDS) efficiently. |
| |
| Keywords: | |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《电子科技大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《电子科技大学学报(自然科学版)》下载全文 |
