| 对入侵检测警报关联分析的研究与实践 |
| |
| 引用本文: | 李雪莹,刘宝旭,毕学尧,安德海,许榕生. 对入侵检测警报关联分析的研究与实践[J]. 计算机工程与应用, 2003, 39(19): 14-16,114 |
| |
| 作者姓名: | 李雪莹 刘宝旭 毕学尧 安德海 许榕生 |
| |
| 作者单位: | 1. 中国科学院高能物理研究所计算中心,北京,100039;军事医学科学院医学情报研究所网络信息中心,北京,100850
2. 中国科学院高能物理研究所计算中心,北京,100039 |
| |
| 基金项目: | 国家973重点基础研究发展规划项目(编号:G1999035806),中国科学院知识创新工程重大项目(编号:KJCX1-09) |
| |
| 摘 要: | 该文从网络入侵检测系统(NIDS)的工作原理、配置策略和警报格式三方面对其重复警报信息量大、误报多的原因进行了详细分析,指出了因此带来的危害。提出利用对警报信息的关联分析方法来调整IDS的配置策略和确定攻击行为,并结合分析的结论和漏洞扫描的结果对网络配置状况进行了重新评估,指出网络中存在的问题,使网络安全管理员及时解决问题,加固系统,提高了网络入侵检测系统的准确性、实用性。
|
| 关 键 词: | 入侵检测系统 关联分析 相关性 模式匹配 |
| 文章编号: | 1002-8331-(2003)19-0014-03 |
Study and Implementation of Intrusion-Detection Alerts Via Correlation Analysis |
| |
| Li Xueying , Liu Baoxu Bi Xueyao An Dehai Xu Rongsheng. Study and Implementation of Intrusion-Detection Alerts Via Correlation Analysis[J]. Computer Engineering and Applications, 2003, 39(19): 14-16,114 |
| |
| Authors: | Li Xueying Liu Baoxu Bi Xueyao An Dehai Xu Rongsheng |
| |
| Affiliation: | Li Xueying 1,2 Liu Baoxu 1 Bi Xueyao 1 An Dehai 1 Xu Rongsheng 11 |
| |
| Abstract: | The paper analyzes the reasons and damages of magnitude alerts and false positive of Network Intrusion Detection System(NIDS)from the principle,configuration strategies and the form of alerts.It is proposed to tune the configuration strategies and ascertain the attacks via correlation analyzing the Network Intrusion Detection System alerts.The configuration of network is reevaluated by analyzing the conclusion of Correlation analysis and vulnerability scan,and the problem in the network is pointed out to make the system administrator deal with it in time and improve the security of computer.All in all,the means in the paper make the Network Intrusion Detection System more accurate and more practical. |
| |
| Keywords: | Intrusion Detection System Correlation analysis Correlation Pattern Matching |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
