首页 | 官方网站   微博 | 高级检索  
相似文献
 共查询到10条相似文献,搜索用时 125 毫秒
1.
Intrusion detection systems (IDSs) often trigger a huge number of unnecessary alerts. Managing the overwhelming number of alerts, especially from multiple IDS products, is a concern to every security analyst. Analyzing and evaluating these alerts is a difficult task that frustrates the effort of analysts. In fact, true alerts are usually buried under heaps of false alerts. We have identified several research gaps in the existing alert management approaches that need to be addressed, especially when handling alerts from different IDS products. In this work, we present an efficient alert management approach that reduces the unnecessary alerts produced by different IDS products using two main modules: an enhanced alert verification module that validates alerts with vulnerability assessment data; and an enhanced alert aggregator module that reduces redundant alerts and presents them in the form of meta alerts. Finally, we have carried out experiments in our test bed and recorded impressive results in terms of high accuracy and low false positive rate for multiple IDS products. Copyright © 2014 John Wiley & Sons, Ltd.  相似文献   

2.
为过滤入侵检测系统报警数据中的误报警,根据报警的根源性和时间性总结出了区分真报警和误报警的19个相关属性,并提出了一种基于粗糙集-支持向量机理论的过滤误报警的方法.该方法首先采用粗糙集理论去除相关属性中的冗余属性,然后将具有约简后的10个属性的报警数据集上的误报警过滤问题转化为分类问题,采用支持向量机理论构造分类器以过滤误报警.实验采用由网络入侵检测器Snort监控美国国防部高级研究计划局1999年入侵评测数据(DARPA99)产生的报警数据,结果表明提出的方法在漏报警约增加1.6%的代价下,可过滤掉约98%的误报警.该结果优于文献中使用相同数据、相同入侵检测系统的其它方法的结果.  相似文献   

3.
努尔布力  柴胜  李红炜  胡亮 《电子学报》2011,39(12):2741-2747
文章研究了警报关联方法,模糊积分和模糊认知图基本理论,提出了一种基于Choquet模糊积分的入侵检测警报关联方法,设计并实现了一个能够识别多步攻击的警报关联引擎.通过DRDOS和LLDOS实验表明,该引擎能够有效的检测网络中存在的大规模分布式多步攻击.  相似文献   

4.
基于混沌粒子群的IDS告警聚类算法   总被引:1,自引:0,他引:1  
为了提高入侵检测系统(IDS)的告警质量,减少冗余报警,提出了一种基于混沌粒子群优化的IDS告警聚类算法。算法将混沌融入到粒子运动过程中,使粒子群在混沌与稳定之间交替运动,逐步向最优点靠近。该算法能够克服粒子群算法的早熟、局部最优等缺点,指导聚类中心寻找到全局最优解。通过理论分析与实验测试,验证了该算法在入侵检测系统中,能够大量减少告警数量,提高告警质量,具有较高的检测率和较低的误报率。  相似文献   

5.
多IDS环境中基于可信度的警报关联方法研究   总被引:1,自引:0,他引:1  
梅海彬  龚俭 《通信学报》2011,32(4):138-146
针对现有警报关联方法在关联来自多个IDS的警报时未考虑各IDS报告警报可信度的不足,利用证据理论提出了一种基于可信度对多个IDS的警报进行关联分析的方法。方法将各IDS报告警报的情况作为推测网络攻击是否发生的证据,并采用Dempster组合规则来融合这些证据,最后决策判断警报所对应的攻击是否发生,从而消除各IDS报告警报的模糊性和冲突性,达到提高警报质量的目的。在DARPA 2000测试数据集上的实验结果表明,该方法能有效降低误报率,减少警报数目60%以上。  相似文献   

6.
Intrusion detection plays a key role in detecting attacks over networks, and due to the increasing usage of Internet services, several security threats arise. Though an intrusion detection system (IDS) detects attacks efficiently, it also generates a large number of false alerts, which makes it difficult for a system administrator to identify attacks. This paper proposes automatic fuzzy rule generation combined with a Wiener filter to identify attacks. Further, to optimize the results, simplified swarm optimization is used. After training a large dataset, various fuzzy rules are generated automatically for testing, and a Wiener filter is used to filter out attacks that act as noisy data, which improves the accuracy of the detection. By combining automatic fuzzy rule generation with a Wiener filter, an IDS can handle intrusion detection more efficiently. Experimental results, which are based on collected live network data, are discussed and show that the proposed method provides a competitively high detection rate and a reduced false alarm rate in comparison with other existing machine learning techniques.  相似文献   

7.
Recent advances in mobile technologies have greatly extended traditional communication technologies to mobile devices. At the same time, healthcare environments are by nature "mobile" where doctors and nurses do not have fixed workspaces. Irregular and exceptional events are generated in daily hospital routines, such as operations rescheduling, laboratory/examination results, and adverse drug events. These events may create requests that should be delivered to the appropriate person at the appropriate time. Those requests that are classified as urgent are referred to as alerts. Efficient routing and monitoring of alerts are keys to quality and cost-effective healthcare services. Presently, these are generally handled in an ad hoc manner. In this paper, we propose the use of a healthcare alert management system to handle these alert messages systematically. We develop a model for specifying alerts that are associated with medical tasks and a set of parameters for their routing. We design an alert monitor that matches medical staff and their mobile devices to receive alerts, based on the requirements of these alerts. We also propose a mechanism to handle and reroute, if necessary, an alert message when it has not been acknowledged within a specific deadline.  相似文献   

8.
随着网络安全问题的日益突出,IDS被更多地用于安全防护,然而每天数以千计的告警信息却使得安全管理员无从招架。因此,自动关联有逻辑联系的告警信息从而减少告警数量已成为IDS日后发展的关键。论文以描述逻辑为基础,用它对攻击进行统一定义;以攻击场景为载体,用它来分析匹配相继出现的告警信息;以能力集为纽带,用它来串联起一幅幅攻击场景,从而能清晰地展现不同告警之间所隐含的逻辑关系,进而为实现关联归并提供依据。  相似文献   

9.
网络攻击越来越复杂,入侵检测系统产生大量告警日志,误报率高,可用性低。为此,论文提出采用聚类分析、关联挖掘算法和基于彩色Petri网的联合挖掘多步骤攻击方法进行IDS告警关联,从宏观和微观攻击轨迹角度重建攻击场景,提高了入侵检测系统的可用性。  相似文献   

10.
Along with expansion in using of Internet and computer networks, the privacy, integrity, and access to digital resources have been faced with permanent risks. Due to the unpredictable behavior of network, the nonlinear nature of intrusion attempts, and the vast number of features in the problem environment, intrusion detection system (IDS) is regarded as the main problem in the security of computer networks. A feature selection technique helps to reduce complexity in terms of both the executive load and the storage by selecting the optimal subset of features. The purpose of this study is to identify important and key features in building an IDS. To improve the performance of IDS, this paper proposes an IDS that its features are optimally selected using a new hybrid method based on fruit fly algorithm (FFA) and ant lion optimizer (ALO) algorithm. The simulation results on the dataset KDD Cup99, NSL‐KDD, and UNSW‐NB15 have shown that the FFA–ALO has an acceptable performance according to the evaluation criteria such as accuracy and sensitivity than previous approaches.  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司    京ICP备09084417号-23

京公网安备 11010802026262号