| 入侵告警关联系统及关键技术的研究 |
| |
| 引用本文: | 李亚琴,孙传林,雷杰.入侵告警关联系统及关键技术的研究[J].信息安全与通信保密,2006(8):92-94. |
| |
| 作者姓名: | 李亚琴 孙传林 雷杰 |
| |
| 作者单位: | 华中科技大学计算机科学与技术学院,武汉,430074 |
| |
| 摘 要: | 入侵检测系统的大部分攻击事件之间都存在某种联系,通过对这些告警的关联分析能够减少告警数量,降低误报率,更好地发现攻击以及动态地监控网络。论文提出了一种告警关联系统,系统包括聚合分析、告警确认、多步攻击关联分析和告警严重度分析等过程。文章还对系统中两种主要方法—步攻击关联进行了描述。
|
| 关 键 词: | 入侵检测 告警关联分析 系统框架 |
| 修稿时间: | 2005年9月28日 |
Study of Framework and Key Technology for Intrusion Alerts Correlation |
| |
| Li Yaqin,Sun Chuanlin,Lei Jie.Study of Framework and Key Technology for Intrusion Alerts Correlation[J].China Information Security,2006(8):92-94. |
| |
| Authors: | Li Yaqin Sun Chuanlin Lei Jie |
| |
| Abstract: | The attack events aimed at one system are usually inter-connected in certain respects.Through the correla-tion to discover the attack events' inter-connection,the system can detect the attacks more accurately and dynamically,in terms of decreased number of alerts accuracy and decreased false positive rate.This paper presents an intrusion alerts correlation framework,which is mainly composed of four parts,aggregation analysis,alerts verification,multi-step attack correlation and impact analysis.The aggregation analysis algorithm and multi-step attack correlation algorithm were described in detail in the paper. |
| |
| Keywords: | intrusion detection alerts correlation framework |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
