| 一种网络安全事件关联分析的专家系统研究 |
| |
| 引用本文: | 王雯霞,贾焰,韩伟红,徐镜湖,郑黎明.一种网络安全事件关联分析的专家系统研究[J].信息网络安全,2011(9):97-100. |
| |
| 作者姓名: | 王雯霞 贾焰 韩伟红 徐镜湖 郑黎明 |
| |
| 作者单位: | 国防科技大学计算机学院,湖南长沙,410073 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划(2011AA010702);江苏省基金(BK2010131) |
| |
| 摘 要: | 该文针对现有入侵检测系统存在误报率高、漏报率高等问题,提出了一种用于网络安全事件关联分析的专家系统。该方法对共性知识库进行分层立体化建模以提高关联分析性能,提供资产信息和漏洞信息分析模块来提高对重点设备、网络区域、网络安全事件的关注度,并对冗余信息进行剪枝、去重。同时,在专家系统中引入时间流,从而提高系统的实时性。通过真实环境下的实验分析说明该方法能有效提高关联分析性能,具有易添加、易扩充等优势。
|
| 关 键 词: | 网络安全 关联分析 专家系统 时间流 |
An Expert System Based on Network Security Event Correlation |
| |
| WANG Wen-xia,JIA Yan,HAN Wei-hong,XU Jing-hu,ZHENG Li-ming.An Expert System Based on Network Security Event Correlation[J].Netinfo Security,2011(9):97-100. |
| |
| Authors: | WANG Wen-xia JIA Yan HAN Wei-hong XU Jing-hu ZHENG Li-ming |
| |
| Affiliation: | ( School of Computer Science ,National University of Defense Technology ,Changsha Hunan 410073, China ) |
| |
| Abstract: | It puts forward an expert system based on network security event correlation, to solve the problem that there are high false alarm and missed alarm rate existing in IDS. This paper presents abstraction modeling for knowledge base to advance the performance of correlation analysis, and presents assets information and vulnerability information analysis module to increase the attention to important equipment, network area and network security event, also presents pruning to optimize the redundance. On the other hand, it introduces time stream into expert system to improve the real time action. The system has been applied in real condition, and the results of experiments show that the system can effectively advance the performance of correlation analysis, and can easily extend. |
| |
| Keywords: | networking security alert correlation expert system time stream |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
