
    Intrusion-Detection Alert Processing Based on Fuzzy Comprehensive Evaluation

    • Abstract (translated from the Chinese): A method based on fuzzy comprehensive evaluation is proposed for processing the alerts produced by intrusion detection systems and for correlating alert events; a supervised confidence learning method is also introduced, and the learned confidence is used to filter the alerts further. Combining these techniques aims to reduce the false-positive rate and the number of duplicate alerts, and thereby to gradually lighten the workload of network administrators. The event correlation achieved by this fuzzy evaluation helps reveal an intruder's sequence of actions, lays a foundation for threat analysis of events and for intrusion-response decisions, and facilitates integrating different security products to achieve layered defense of network systems.


      Abstract: An algorithm based on fuzzy comprehensive evaluation for correlating the alerts produced by intrusion detection systems is presented. The paper also gives an approach to learning a confidence metric for each type of alert, which can be used to filter alerts further. False-positive alerts and duplicate alerts can be reduced significantly by using both the correlation algorithm and the confidence learning method; meanwhile, the workload of network administrators can be reduced gradually. In addition, the correlated alerts are helpful for capturing the logical steps or strategies behind attacks and for choosing appropriate actions to stop ongoing attacks. The approach can potentially be used to integrate different kinds of security tools in order to realize the goal of cooperative defence for network systems.
