| 基于模式匹配的告警关联 |
| |
| 引用本文: | 吕晓斌,邓琦皓,罗军勇,王清贤.基于模式匹配的告警关联[J].微电子学与计算机,2005,22(7):103-106. |
| |
| 作者姓名: | 吕晓斌 邓琦皓 罗军勇 王清贤 |
| |
| 作者单位: | 信息工程大学信息工程学院网络工程系,河南,郑州,450002 |
| |
| 摘 要: | 告警关联技术是入侵检测领域中一个新的发展方向,它对解决目前入侵检测系统存在的告警数量大、告警信息含量少、虚警数量大等问题具有十分重要的意义。文章介绍了在我们设计开发的分布式协同入侵检测系统(DACIDS)中通过对入侵行为模式的匹配而进行告警关联的方法。入侵行为模式是定义在时问基础上的一组谓词公式,其实质是通过时间限制联系在一起的入侵事件的集合。该方法在对大量告警进行关联的同时,对虚警的处理尤为有效。
|
| 关 键 词: | 入侵检测 告警关联 入侵行为模式 |
| 文章编号: | 1000-7180(2005)07-103-04 |
| 收稿时间: | 2004-12-20 |
| 修稿时间: | 2004年12月20 |
Alerts Correlation Based on Intrusion Action Pattern |
| |
| LV Xiao-bin,DENG Qi-hao,LUO Jun-yong,WANG Qing-xian.Alerts Correlation Based on Intrusion Action Pattern[J].Microelectronics & Computer,2005,22(7):103-106. |
| |
| Authors: | LV Xiao-bin DENG Qi-hao LUO Jun-yong WANG Qing-xian |
| |
| Abstract: | The technology of alerts correlation is a new trend for intrusion detection. It is very useful to solve problems, such as alarm overload, poorness of the alarms semantics and false negatives, in current intrusion detection system. In this paper, we propose to use intrusion action pattern to correlate alerts in our Distributed Active Collaboration Intrusion Detection System (DACIDS). Intrusion action pattern are sets of propositions related on times. In other words, it's a set of events, linked together by time constraints. Our method has been proved to address the problems concerned. |
| |
| Keywords: | Intrusion Detection System (IDS) Alert correlation Intrusion Action Pattern (IAP) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
