| 一种新的基于分布式入侵检测的警报聚类方法 |
| |
| 引用本文: | 冯光升,王慧强,武俊鹏,赵倩.一种新的基于分布式入侵检测的警报聚类方法[J].武汉大学学报(理学版),2006,52(5):635-638. |
| |
| 作者姓名: | 冯光升 王慧强 武俊鹏 赵倩 |
| |
| 作者单位: | 哈尔滨工程大学,计算机科学与技术学院,黑龙江,哈尔滨,150001 |
| |
| 基金项目: | 武器装备预研基金;高等学校博士学科点专项科研项目 |
| |
| 摘 要: | 针对大量的异构入侵检测传感器产生的警报泛滥问题,提出了一种在线警报聚类融合模型.该模型根据自我学习和调节,建立元警报作为警报聚类融合的基础,对新产生的警报进行分类、聚类,最终将警报特征与元警报融合,扩充元警报的特征信息.实验结果表明该方法能够有效地减少警报数量,提供具有指导意义的入侵响应,并且聚类结果可被用来进行进一步的网络态势评估.
|
| 关 键 词: | 网络安全 分布式入侵检测系统 警报聚类 |
| 文章编号: | 1671-8836(2006)05-0635-04 |
| 修稿时间: | 2006年4月30日 |
A Novel Method of Alarm Clustering Based Distributed Intrusion Detection |
| |
| FENG Guangsheng,WANG Huiqiang,WU Junpeng,ZHAO Qian.A Novel Method of Alarm Clustering Based Distributed Intrusion Detection[J].JOurnal of Wuhan University:Natural Science Edition,2006,52(5):635-638. |
| |
| Authors: | FENG Guangsheng WANG Huiqiang WU Junpeng ZHAO Qian |
| |
| Abstract: | In respect to the issue of alarms flooding,which is resulted from multiple detection sensors in terms of intrusions,this article proposes a novel on-line model on alarms clustering and fusion.Based upon self-learning,adjustment,and establishment of meta-alarms by clustering and fusing,this new model will classify,cluster and eventually fuse the new alarm with an existing meta-alarm.Through experiment,the result shows that this emerging model has some significant improvements.For instance,it can dramatically decrease the quantity of alarms and provide the instructive signals on intrusion respondence.Moreover,the result of clustering can be utilized in the further evaluation on threat analysis. |
| |
| Keywords: | network security distributed intrusion detection system alarm clustering |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
