| 入侵检测报警关联技术 |
| |
| 引用本文: | 姜兆元,赵军. 入侵检测报警关联技术[J]. 计算机工程, 2007, 33(17): 173-175 |
| |
| 作者姓名: | 姜兆元 赵军 |
| |
| 作者单位: | 重庆邮电大学计算机科学与技术研究所,重庆,400065;重庆邮电大学计算机科学与技术研究所,重庆,400065 |
| |
| 基金项目: | 重庆市自然科学基金 , 重庆市教委资助项目 , 重庆市自然科学基金 |
| |
| 摘 要: | 报警关联技术分析不同安全产品产生的报警,从中识别出真正有意义的攻击警报,并减少大量的误报警,降低安全管理员的工作量。该文介绍了报警关联的基本模型和主要技术,分析了主要的关联方法,探讨了报警关联技术的发展方向。这些讨论对应用或发展报警关联技术都有参考价值。
|
| 关 键 词: | 入侵检测 报警关联 网络安全 |
| 文章编号: | 1000-3428(2007)17-0173-03 |
| 修稿时间: | 2006-09-13 |
Intrusion Detection Alert Correlation Techniques |
| |
| JIANG Zhao-yuan,ZHAO Jun. Intrusion Detection Alert Correlation Techniques[J]. Computer Engineering, 2007, 33(17): 173-175 |
| |
| Authors: | JIANG Zhao-yuan ZHAO Jun |
| |
| Affiliation: | (Inst. of Comp. Sci. & Tech., Chongqing Univ. of Posts and Telecom., Chongqing 400065) |
| |
| Abstract: | Many intrusion detection technologies are complementary to each other.The alert correlation technology analyzes alerts generated from different security products,so that false alerts are greatly reduced,real attacks are more easily discerned,accordingly,the work load on system administrators is largely released.Herein,basic models and technologies of alert correlation are discussed.Important correlation algorithms are analyzed;and development tendencies of alert correlation technologies are also predicted. |
| |
| Keywords: | intrusion detection alert correlation network security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
