| 一种基于Choquet模糊积分的入侵检测警报关联方法 |
| |
| 引用本文: | 努尔布力,柴胜,李红炜,胡亮.一种基于Choquet模糊积分的入侵检测警报关联方法[J].电子学报,2011,39(12):2741-2747. |
| |
| 作者姓名: | 努尔布力 柴胜 李红炜 胡亮 |
| |
| 作者单位: | 1. 吉林大学计算机科学与技术学院,吉林长春 130012;2. 新疆大学信息科学与工程学院,新疆乌鲁木齐 830046;3. 吉林大学符号计算与知识工程教育部重点实验室,吉林长春 130012 |
| |
| 基金项目: | 国家重点基础研究发展计划(973计划),国家自然科学基金,吉林省科技发展计划资助项目,长春国际合作项目 |
| |
| 摘 要: | 文章研究了警报关联方法,模糊积分和模糊认知图基本理论,提出了一种基于Choquet模糊积分的入侵检测警报关联方法,设计并实现了一个能够识别多步攻击的警报关联引擎.通过DRDOS和LLDOS实验表明,该引擎能够有效的检测网络中存在的大规模分布式多步攻击.
|
| 关 键 词: | 入侵检测 模糊积分 模糊测度 警报关联 告警关联 |
| 收稿时间: | 2010-12-28 |
Intrusion Detection Alert Correlation Based on Choquet Fuzzy Integral |
| |
| Nurbol,CHAI Sheng,LI Hong-wei,HU Liang.Intrusion Detection Alert Correlation Based on Choquet Fuzzy Integral[J].Acta Electronica Sinica,2011,39(12):2741-2747. |
| |
| Authors: | Nurbol CHAI Sheng LI Hong-wei HU Liang |
| |
| Affiliation: | 1. College of Computer Science and Technology Institute,Jilin University,Changchun,Jilin 130012,China;2. College of Information Science and Engineering,XinJiang University,Urumqi,Xinjiang 830046,China;3. Key Laboratory for Symbol Computation and Knowledge Engineering (Jilin University),Ministry of Education,Changchun,Jilin 130012,China |
| |
| Abstract: | The alert correlation,choquet fuzzy integral and fuzzy cognitive maps was analyzed,the correlation of IDS alerts based choquet fuzzy integral was proposed and the correlation engine of intrusion detection system was designed.Though experiences of the DRDOS attack and LLDOS attack,it is proved that the alert correlation in the paper could correlate the alerts with high feasibility. |
| |
| Keywords: | intrusion detection fuzzy integral fuzzy measure alert correlation alarm correlation |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《电子学报》浏览原始摘要信息 |
|
点击此处可从《电子学报》下载全文 |
|
