| 入侵检测报警信息融合系统的构建与实现 |
| |
| 引用本文: | 韩景灵,孙敏.入侵检测报警信息融合系统的构建与实现[J].计算机技术与发展,2007,17(6):159-162. |
| |
| 作者姓名: | 韩景灵 孙敏 |
| |
| 作者单位: | 山西大学,计算机与信息技术学院,山西,太原,030006 |
| |
| 基金项目: | 山西省高等学校科研开发基金 |
| |
| 摘 要: | 针对目前入侵检测系统(IDS)存在的误报、漏报等问题,首先分析了存在误警的原因,设计并实现了一个入侵检测报警信息融合系统的模型。该模型提出一种相似隶属函数对报警事件进行关联,最后对系统进行了实验验证。结果表明该系统能有效地减少报警数量,降低误报、漏报率,从而提高了报警的有效性。同时通过事件关联完成攻击场景的重构,为加深对攻击者攻击意图的了解带来了方便,达到预警的目的,具有较强的实用价值。
|
| 关 键 词: | 入侵检测 误报率 信息融合 报警关联 |
| 文章编号: | 1673-629X(2007)06-0159-04 |
| 收稿时间: | 2006-08-28 |
| 修稿时间: | 2006-08-28 |
Design and Implementation of Intrusion Detection Alert Fusion System |
| |
| HAN Jing-ling,SUN Min.Design and Implementation of Intrusion Detection Alert Fusion System[J].Computer Technology and Development,2007,17(6):159-162. |
| |
| Authors: | HAN Jing-ling SUN Min |
| |
| Affiliation: | School of Computer and Information Technology, Shanxi University,Taiyuan 030006, China |
| |
| Abstract: | Aiming at some problems in current IDS, such as false positive, false negative, analyzes the reason of false positive. An IDS alerts information fusion model is presented, and similarity subordination functions are presented for correlation of alert event. Experiments show that the IDS alerts information fusion system is effective in reducing the number of alerts, false positive, false negative better and it can warn according to attack intention identified. |
| |
| Keywords: | intrusion detection false positive rate information fusion alert correlation |
| 本文献已被 维普 万方数据 等数据库收录! |
|
