| 一种分层实现的分布式告警融合算法 |
| |
| 引用本文: | 唐亮. 一种分层实现的分布式告警融合算法[J]. 长沙通信职业技术学院学报, 2007, 6(1): 25-28 |
| |
| 作者姓名: | 唐亮 |
| |
| 作者单位: | 湖南大学软件学院,湖南长沙,410082 |
| |
| 摘 要: | 在大规模高速网络环境下,分布式入侵检测系统中使用的告警融合算法把底层模块产生的多个简单告警融合生成少量包含更多信息的告警.以减少冗余告警,提高入侵检测的检测效率,降低误报率,最终为管理员提供简练精确的告警.算法通过"聚集--合并--关联"二个步骤,实现了对告警的融合.
|
| 关 键 词: | 入侵检测系统 告警融合 算法 |
| 文章编号: | 1671-9581(2007)-01-0025-04 |
| 修稿时间: | 2006-11-23 |
A layered distributed alert correlation algorithm |
| |
| TANG Liang. A layered distributed alert correlation algorithm[J]. Journal of Changsha Telecommunications and Technology Vocational, 2007, 6(1): 25-28 |
| |
| Authors: | TANG Liang |
| |
| Abstract: | In large-scale high-speed network environment,an alert correlation algorithm used in Large-scale Distributed Intrusion Detection Systems correlates simple alerts produced by low-level components into complex alerts. Our algorithm uses three steps, which are congregation, coalition and correlation, to implement alert correlation. The algorithm can reduce the redundancy alerts, improve the detection efficiency and reduce the false positive rates. |
| |
| Keywords: | intrusion detection system alert correlation algorithm |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
