| 基于多源安全信息的告警校验与聚合技术 |
| |
| 引用本文: | 马琳茹,杨林,张志斌. 基于多源安全信息的告警校验与聚合技术[J]. 计算机工程, 2006, 32(15): 129-131 |
| |
| 作者姓名: | 马琳茹 杨林 张志斌 |
| |
| 作者单位: | 国防科学技术大学电子科学与工程学院,长沙,410073;总参第六十一研究所,北京,100039;总参第六十一研究所,北京,100039 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 针对网络入侵检测系统产生大量低质量告警的问题,提出了基于多源安全信息的告警校验与聚合技术,采用一阶谓词逻辑对告警校验进行了建模,并综合分析告警的时间、空间、攻击类型三维属性,对告警进行聚合。提出的方法能够实时、有效地滤除无关告警,消除冗余度,实现告警的精简。
|
| 关 键 词: | 入侵检测 告警校验 告警聚合 |
| 文章编号: | 1000-3428(2006)15-0129-03 |
| 收稿时间: | 2006-04-20 |
| 修稿时间: | 2006-04-20 |
Alert Verification and Aggregation Based on Multi-source Security Information |
| |
| MA Linru,YANG Lin,ZHANG Zhibin. Alert Verification and Aggregation Based on Multi-source Security Information[J]. Computer Engineering, 2006, 32(15): 129-131 |
| |
| Authors: | MA Linru YANG Lin ZHANG Zhibin |
| |
| Affiliation: | 1. Institute of Electronic Science and Engineering, National University of Defense Technology, Changsha 410073;2. The 61^st Institute of General Staff, Beijing 100039 |
| |
| Abstract: | In order to deal with the large quantity of low quality intrusion detection alerts, the alert verification and aggregation technic based on multi-source security information is developed. The model of alert verification is based on logic predication. The spatial, temporal properties and attack type are analyzed to aggregate the alerts. The method put forward can get rid of non-relevant positive alerts and eliminate redundant alerts timely. |
| |
| Keywords: | Intrusion detection Alert verification Alert aggregation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
