| 基于MapReduce并行计算模型的报警聚合算法 |
| |
| 引用本文: | 白浩泉,姚立红,陆松年.基于MapReduce并行计算模型的报警聚合算法[J].信息技术,2011,35(4):85-88,92. |
| |
| 作者姓名: | 白浩泉 姚立红 陆松年 |
| |
| 作者单位: | 上海市信息安全综合管理技术研究重点实验室,上海,200240 |
| |
| 摘 要: | 随着网络攻击以及网络流量的飞速增长,分析入侵检测系统产生的海量报警信息越来越困难。MapReduce是由Google提出的一个软件架构,用于大规模数据集(大于1TB)的并行运算,提出了一种基于MapReduce并行计算模型的报警聚合算法,用于执行高效的报警归并。最后使用DARPA 2000数据集,验证了本算法可以高效地聚合报警信息,大量减少冗余报警数量。
|
| 关 键 词: | 入侵检测系统 报警聚合 MapReduce 并行计算 |
An alert aggregation algorithm based on MapReduce Parallel computing model |
| |
| BAI Hao-quan,YAO Li-hong,LU Song-nian.An alert aggregation algorithm based on MapReduce Parallel computing model[J].Information Technology,2011,35(4):85-88,92. |
| |
| Authors: | BAI Hao-quan YAO Li-hong LU Song-nian |
| |
| Affiliation: | (Shanghai Key Laboratory of Integrate Administration Technologies for Information Security,Shanghai 200240,China) |
| |
| Abstract: | With the rapid growth of viruses,network attacks and the network traffic,analyzing the huge log and alert information generated by intrusion detection system would face the increasing challenges.The MapReduce programming model is inspired by Google and targets data-intensive parallel computations.The paper presents and implements a high-performance alert aggregation algorithm based on MapReduce parallel computing model.The experiment results on the DARPA 2000 dataset showed that this algorithm is effective and efficient. |
| |
| Keywords: | intrusion detection system alert aggregation MapReduce parallel computing |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
