| 多源入侵检测警报的决策级融合模型 |
| |
| 引用本文: | 李志东,杨武,王巍,苘大鹏.多源入侵检测警报的决策级融合模型[J].通信学报,2011,32(5):121-128. |
| |
| 作者姓名: | 李志东 杨武 王巍 苘大鹏 |
| |
| 作者单位: | 哈尔滨工程大学信息安全研究中心,黑龙江,哈尔滨,150001 |
| |
| 基金项目: | 国家高技术研究发展计划(“863”计划)基金资助项目(2007AA01Z473); 国家242信息安全计划基金资助项目(2007B17); 哈尔滨工程大学研究基金资助项目(HEUFT09011)~~ |
| |
| 摘 要: | 为了大幅降低对训练样本的要求,摒弃苛刻的约束条件,提出了一种支持在线增量训练的警报融合模型。将初级警报向量映射为表决模式,以缩小统计空间。通过训练统计出各种表决模式在正常或攻击流量下的条件概率分布,依据统计特征的变化即时推断待检测流量的构成情况,使用阈值约束法和贝叶斯推断做出融合决策。从而拓展了适用范围,并且能较好地跟踪适应待检测流量,仅需少量训练样本便可显著提升检测性能。
|
| 关 键 词: | 网络安全 入侵检测 决策级融合 表决模式 统计推断 |
Decision-level fusion model of multi-source intrusion detection alerts |
| |
| LI Zhi-dong,YANG Wu,WANG Wei,MAN Da-peng.Decision-level fusion model of multi-source intrusion detection alerts[J].Journal on Communications,2011,32(5):121-128. |
| |
| Authors: | LI Zhi-dong YANG Wu WANG Wei MAN Da-peng |
| |
| Affiliation: | LI Zhi-dong,YANG Wu,WANG Wei,MAN Da-peng(Information Security Research Center,Harbin Engineering University,Harbin 150001,China) |
| |
| Abstract: | In order to lessen the dependence on training samples significantly and eliminate rigorous constraint conditions,an alert fusion model that supports online incremental training was presented.Firstly,primary alerts vector was mapped to voting pattern,so as to reduce statistical space.Then,the conditional probability distributions of various voting patterns in normal or attack traffic were inferred via training.Afterwards,according to the variation of statistical characteristics,the composition of the traffic... |
| |
| Keywords: | network security intrusion detection decision-level fusion voting pattern statistical inference |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
