| Honeynet中的告警日志分析 |
| |
| 引用本文: | 武斌,郑康锋,杨义先.Honeynet中的告警日志分析[J].北京邮电大学学报,2008,31(6):63-66. |
| |
| 作者姓名: | 武斌 郑康锋 杨义先 |
| |
| 作者单位: | 北京邮电大学,网络与交换技术国家重点实验室,北京,100876;北京邮电大学,网络与交换技术国家重点实验室,北京,100876;北京邮电大学,网络与交换技术国家重点实验室,北京,100876 |
| |
| 基金项目: | 国家"973计划"项目
|
| |
| 摘 要: | 提出一种带有告警日志分析的蜜网(honeynet)架构设计和告警日志分析模型. 将网络入侵检测和主机入侵检测的告警信息相结合,利用网络信息和告警相似度函数进行告警过滤和融合,采用改进的Apriori算法挖掘告警的关联规则,并通过匹配规则形成最终的攻击报告. 实验表明,该方法能有效减少honeynet中冗余的告警,分析出honeynet系统遭受攻击的关联关系,并展现攻击场景.
|
| 关 键 词: | 蜜网 入侵检测 告警关联 |
| 收稿时间: | 2007-12-10 |
| 修稿时间: | 2008-7-9 |
Analysis of Alert Correlation in Honeynet |
| |
| WU Bin,ZHENG Kang-feng,YANG Yi-xian.Analysis of Alert Correlation in Honeynet[J].Journal of Beijing University of Posts and Telecommunications,2008,31(6):63-66. |
| |
| Authors: | WU Bin ZHENG Kang-feng YANG Yi-xian |
| |
| Affiliation: | (State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China) |
| |
| Abstract: | A honeynet architecture with the analysis model of alerts is proposed. The new design of honeynet combines alerts of network intrusion detection system NIDS and HIDS to find out the correlations among them. The alerts are filtered and merged using the network information and similarity membership function. An improved Apriori algorithm is applied to discover the alert correlation knowledge which is matched to construct attack scenarios. Experiments demonstrate that with the analysis model of IDS alerts the redundant IDS alerts decrease efficiently and the correlation relationships of different attacks are constructed accurately |
| |
| Keywords: | Honeynet Intrusion detection alert correlation |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 |
|
点击此处可从《北京邮电大学学报》下载全文 |
|
