| 多IDS环境中基于可信度的警报关联方法研究 |
| |
| 引用本文: | 梅海彬,龚俭.多IDS环境中基于可信度的警报关联方法研究[J].通信学报,2011,32(4):138-146. |
| |
| 作者姓名: | 梅海彬 龚俭 |
| |
| 作者单位: | 东南大学计算机科学与工程学院江苏省计算机网络技术重点实验室,江苏南京,210096 |
| |
| 基金项目: | 国家重点基础研究发展计划("973"计划)基金资助项目 |
| |
| 摘 要: | 针对现有警报关联方法在关联来自多个IDS的警报时未考虑各IDS报告警报可信度的不足,利用证据理论提出了一种基于可信度对多个IDS的警报进行关联分析的方法。方法将各IDS报告警报的情况作为推测网络攻击是否发生的证据,并采用Dempster组合规则来融合这些证据,最后决策判断警报所对应的攻击是否发生,从而消除各IDS报告警报的模糊性和冲突性,达到提高警报质量的目的。在DARPA 2000测试数据集上的实验结果表明,该方法能有效降低误报率,减少警报数目60%以上。
|
| 关 键 词: | 网络安全 入侵检测系统 警报关联 证据理论 可信度 |
Research on alert correlation method based on alert confidence in multi-IDS environment |
| |
| MEI Hai-bin,GONG Jian.Research on alert correlation method based on alert confidence in multi-IDS environment[J].Journal on Communications,2011,32(4):138-146. |
| |
| Authors: | MEI Hai-bin GONG Jian |
| |
| Affiliation: | MEI Hai-bin,GONG Jian(Computer Network Technology Key Laboratory of Jiangsu Province,School of Computer Science and Engineering,Southeast University,Nanjing 210096,China) |
| |
| Abstract: | To overcome the shortcoming of current alert correlation methods which didn't consider the confidence of IDS,an alert correlation method based on alerts confidence using the evidence theory was presented.Each alert was regarded as a piece of evidence of a network attack.Then multiple pieces of evidence were combined by the Dempster's combina-tion rule,and used to infer whether the attack corresponding to the alerts took place.As a result,the ambiguity and con-fliction in alerts were eliminated,achieving the... |
| |
| Keywords: | network security intrusion detection system alert correlation evidence theory confidence |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
