| 分布式入侵检测系统中告警相关的研究与实现 |
| |
| 引用本文: | 秦拯,龚发根,张大方. 分布式入侵检测系统中告警相关的研究与实现[J]. 计算机工程与科学, 2005, 27(4): 63-65 |
| |
| 作者姓名: | 秦拯 龚发根 张大方 |
| |
| 作者单位: | 湖南大学软件学院,湖南,长沙,410082;湖南大学软件学院,湖南,长沙,410082;湖南大学软件学院,湖南,长沙,410082 |
| |
| 基金项目: | 国家863计划资助项目 (2003AA118201),国家自然科学基金资助项目(60273070),湖南省2004年科技攻关资助项目(04gk3022) |
| |
| 摘 要: | 现有的告警相关方法处理开销比较大,特别是在告警风暴的情况下有可能无法处理。该文针对这种情况,提出一种改进的、适用于分布式入侵检测系统的告警相关方法,并给出了一个采用这种方法的实现框架及其实验结果。结果表明,改进后的告警相关方法能在告警相关识别率和告警相关准确率保持基本不降低的条件下,告警相关数据处理率降低40%以上,从而可保证告警相关部件在告警风暴的情况下仍有效地工作。
|
| 关 键 词: | 入侵检测 告警相关 告警风暴 |
| 文章编号: | 1007-130X(2005)04-0063-03 |
| 修稿时间: | 2004-05-10 |
Research and Implementation of Alert Correlation in Distributed Intrusion Detection System |
| |
| QIN Zheng,GONG Fa-gen,ZHANG Da-fang. Research and Implementation of Alert Correlation in Distributed Intrusion Detection System[J]. Computer Engineering & Science, 2005, 27(4): 63-65 |
| |
| Authors: | QIN Zheng GONG Fa-gen ZHANG Da-fang |
| |
| Abstract: | The existing alert correlation methods are costly, especially under the condition of alert flooding, which may be hard to process. With this condition, this paper proposes an improved alert correlation method which works in the distributed network environment, and then presents an implementation framework and its experiment results using this method. The results show that the improved alert correlation method can dramatically reduce the alert correlation data processing ratio (>40%) without damaging the alert correlation recognition ratio and the alert correlation accuracy ratio, so it can ensure the alert correlation components to work effectively under the condition of alert flooding. |
| |
| Keywords: | intrusion detection alert correlation alert flooding |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
