Research on hierarchical alarm processing model in intrusion detection system

Xiao Lizhong, Liu Yunxiang, Dai Meng

Application Research of Computers (计算机应用研究), 2009, Vol. 26, Issue 8: 2995-2999, 5. DOI: 10.3969/j.issn.1001-3695.2009.08.057


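Author information

  • 1. Department of Computer Science and Information Engineering, Shanghai Institute of Technology, Shanghai 200235 (Xiao Lizhong)
  • 2. Postdoctoral Research Station of Control Science and Engineering, East China University of Science and Technology, Shanghai 200237 (Liu Yunxiang)
  • 3. Postdoctoral Workstation, Kunshan Software Park, Kunshan, Jiangsu 215311 (Dai Meng)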

Abstract

To address the alarm flooding problem, this paper studies a hierarchical alarm processing model that filters, reduces, fuses and correlates alarm data. In the filtering stage, false alarms are eliminated using a repository. In the reduction stage, a reduction algorithm removes duplicate alarms in real time. In the fusion stage, a clustering-based fusion algorithm eliminates similar alarms in real time. In the correlation stage, the frequent episodes algorithm is run on training data to find intrusion patterns and to construct a repository, which provides similarity to the clustering-based correlation algorithm. This processing eliminates false and invalid alarms, which eases the burden on the network system and the administrator. It also finds intrusion patterns and reports alarm predictions. Experimental results show the model is effective.

Key words

intrusion detection/alarm processing/clustering algorithm

Classification

Information Technology and Security Science

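Cite this article

Xiao Lizhong, Liu Yunxiang, Dai Meng. Research on hierarchical alarm processing model in intrusion detection system[J]. Application Research of Computers, 2009, 26(8): 2995-2999, 5.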

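Funding

Shanghai Universities Special Research Fund for the Selection and Training of Outstanding Young Teachers (YYY-07008)

Shanghai Institute of Technology Research Start-up Fund for Introduced Talent (YJ2007-24)

Shanghai Institute of Technology Key Discipline Project in Computer Science and Technology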

Application Research of Computers

Indexing: OA, Peking University Core (北大核心), CSCD, CSTPCD

ISSN 1001-3695
