| 基于层次的智能告警关联分析模型研究 |
| |
| 引用本文: | 张连华. 基于层次的智能告警关联分析模型研究[J]. 微型电脑应用, 2011, 27(8): 36-38,73 |
| |
| 作者姓名: | 张连华 |
| |
| 作者单位: | 上海交通大学,上海,200031 |
| |
| 基金项目: | 2011年度上海市博士后科研资助计划重点项目(项目编号:11R21421700)的资助 |
| |
| 摘 要: | 入侵检测系统的广泛使用产生了许多告警信息流,这些告警事件信息流基本上都是基于低层的攻击步骤检测,且具有较大的误告警率;各种分布式攻击进一步加剧了入侵检测系统告警事件信息流的复杂性。研究介绍了关联分析的基本原因、关联分析的基本概念,然后提出智能化入侵检测关联分析层次模型。该模型从误告警验证和抑制,到一个攻击一个告警,再到一个攻击过程对应一个场景刻画,形成一个层次。在不同的层次上,防御者对攻击的视图越来越清晰,从而为响应措施提供了精确的决策依据,进一步提高了整个入侵检测系统的智能性和可用性。
|
| 关 键 词: | 入侵检测 告警关联分析 智能模型 层次模型 |
Research on Intelligent Alert Correlation Analysis Hierarchy Model |
| |
| Zhang Lianhua. Research on Intelligent Alert Correlation Analysis Hierarchy Model[J]. Microcomputer Applications, 2011, 27(8): 36-38,73 |
| |
| Authors: | Zhang Lianhua |
| |
| Affiliation: | Zhang Lianhua( Research Center of Econometrics,Shanghai Academy of Social Sciences,Shanghai 200020,China) |
| |
| Abstract: | As the intrusion detection systems are widely used by the practitioners, many alert information are produced, which just indicate low level attack steps and may have many error reports. Furthermore, various distributed network attacks enhance the complexities of the intrusion detection system alert information flows. This paper studies the basic reasons of the intrusion alert correlation and proposes an intelligent intrusion detection alert correlation hierarchy model, which can implement the hierarchy of a... |
| |
| Keywords: | Intrusion Detection Alert Correlation Analysis Intelligent Model Hierarchy Model |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
