Computer Science (计算机科学), 2019, Vol. 46, Issue 4: 203-209. doi: 10.11896/j.issn.1002-137X.2019.04.032
WU Yi-fan, CUI Yan-peng, HU Jian-wei (吴祎凡, 崔艳鹏, 胡建伟)
Abstract: Intrusion detection systems commonly emit redundant alerts that obscure the judgement of attack type. This paper proposes an alert processing method based on improved hierarchical clustering that reduces redundant alerts and raises the accuracy of attack-type detection. Building on hierarchical clustering, the method uses the alert content as the sole clustering attribute, adds the proportion of valid alerts supported by prior knowledge as the criterion for choosing the clustering threshold, and replaces the conventional practice of simply discarding clusters above the threshold: a cosine-similarity computation selects a representative alert for each such cluster, so that useful alerts are not thrown away. After clustering at a suitable threshold, the de-duplicated and clustered alerts within a time window are presented in time-axis order so that the attacker's attack type can be judged quickly. Experimental results show that the improved clustering method removes redundancy well.
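The pipeline the abstract describes, as an added example that is not the paper's code: a small batch of Snort-style alerts is clustered on message content alone with average-linkage agglomerative clustering over cosine similarity, every cluster (including the large, repetitive ones a conventional pass would drop) is collapsed to the member most similar to the rest, the threshold is chosen against a set of analyst-confirmed alert types, and the survivors of one time window are listed in time order. The fast-format lines in SAMPLE_ALERTS (SIDs, addresses, timestamps), the prior-knowledge set KNOWN_VALID, and the selection rule in choose_threshold (share of known-valid alert types that survive as representatives, ties broken toward fewer clusters and then the lower threshold) are all constructed assumptions; the paper's exact definition of the valid-alert proportion is not reproduced here, and the function names are this example's own.

```python
"""Redundant-alert reduction by hierarchical clustering of alert content.

Added example, not the paper's code: alerts are clustered on message text
alone; each cluster is collapsed to a cosine-similarity representative instead
of being discarded; the threshold is chosen against analyst-confirmed alert
types (an assumed rule); one window's survivors are listed in time order.
"""
import math
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample alerts in a simplified Snort "fast" format; SIDs,
# addresses and timestamps are made up for this example.
SAMPLE_ALERTS = """\
03/12-10:00:01.100 [**] [1:1000001:1] ET SCAN Potential SSH Scan [**] 10.0.0.5:53211 -> 10.0.0.8:22
03/12-10:00:01.300 [**] [1:1000001:1] ET SCAN Potential SSH Scan [**] 10.0.0.5:53212 -> 10.0.0.8:22
03/12-10:00:02.000 [**] [1:1000001:1] ET SCAN Potential SSH Scan [**] 10.0.0.5:53213 -> 10.0.0.8:22
03/12-10:00:05.000 [**] [1:1000002:1] ET SCAN SSH BruteForce Tool with fake PUTTY version [**] 10.0.0.5:53300 -> 10.0.0.8:22
03/12-10:00:09.000 [**] [1:1000003:1] ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT [**] 10.0.0.5:40001 -> 10.0.0.9:80
03/12-10:00:09.500 [**] [1:1000004:1] ET WEB_SERVER Possible SQL Injection Attempt SELECT FROM [**] 10.0.0.5:40002 -> 10.0.0.9:80
03/12-10:00:10.000 [**] [1:1000003:1] ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT [**] 10.0.0.5:40003 -> 10.0.0.9:80
03/12-10:00:20.000 [**] [1:1000005:1] ET INFO Session Traversal Utilities for NAT STUN Binding Request [**] 10.0.0.7:5000 -> 10.0.0.20:3478
"""
# Constructed prior knowledge: alert types an analyst has confirmed as real
# attack indicators; a usable threshold must keep each of them visible.
KNOWN_VALID = {
    "ET SCAN Potential SSH Scan",
    "ET SCAN SSH BruteForce Tool with fake PUTTY version",
    "ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT",
}
ALERT_RE = re.compile(r"^(\S+) \[\*\*\] \[(\d+:\d+:\d+)\] (.+?) \[\*\*\] (\S+) -> (\S+)$")
TIME_FMT = "%m/%d-%H:%M:%S.%f"  # fast format carries no year; strptime leaves 1900

def parse_alerts(text):
    """Parse fast-format lines; the message's bag of words is the only clustering attribute."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # skip non-alert lines
        ts, sid, msg, src, dst = m.groups()
        alerts.append({"time": datetime.strptime(ts, TIME_FMT), "sid": sid, "msg": msg,
                       "src": src, "dst": dst,
                       "vec": Counter(re.findall(r"[a-z0-9_]+", msg.lower()))})
    return alerts

def cosine(a, b):
    """Cosine similarity of two term-count vectors (0.0 if either is empty)."""
    dot = sum(a[t] * b[t] for t in a if t in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def cluster(alerts, threshold):
    """Average-linkage agglomerative clustering: merge while the best linkage >= threshold."""
    sim = [[cosine(a["vec"], b["vec"]) for b in alerts] for a in alerts]
    clusters = [[i] for i in range(len(alerts))]
    while True:
        best, pair = threshold, None
        for x in range(len(clusters)):
            for y in range(x + 1, len(clusters)):
                link = sum(sim[i][j] for i in clusters[x] for j in clusters[y])
                link /= len(clusters[x]) * len(clusters[y])
                if link >= best:
                    best, pair = link, (x, y)
        if pair is None:
            return clusters, sim
        x, y = pair
        clusters[x].extend(clusters.pop(y))  # y > x, so index x is unaffected

def representatives(alerts, threshold):
    """One alert per cluster: the member most similar to the rest (earliest on ties);
    a large cluster is summarised by it rather than thrown away."""
    clusters, sim = cluster(alerts, threshold)
    reps = []
    for members in clusters:
        rep = max(members, key=lambda i: (sum(sim[i][j] for j in members if j != i), -i))
        reps.append({"rep": alerts[rep], "count": len(members),
                     "first": min(alerts[i]["time"] for i in members)})
    return reps

def choose_threshold(alerts, known_valid, candidates):
    """Assumed rule: maximise the share of known-valid alert types that survive as
    representatives; ties go to fewer clusters, then to the lower threshold."""
    def score(t):
        reps = representatives(alerts, t)
        kept = {r["rep"]["msg"] for r in reps} & known_valid
        return (len(kept) / len(known_valid), -len(reps), -t)
    return max(candidates, key=score)

def window_view(alerts, threshold, start, seconds):
    """De-duplicated, clustered alerts of one time window in time-axis order."""
    begin = datetime.strptime(start, TIME_FMT)
    inside = [a for a in alerts if begin <= a["time"] < begin + timedelta(seconds=seconds)]
    reps = sorted(representatives(inside, threshold), key=lambda r: r["first"])
    return [(r["first"].strftime("%H:%M:%S.%f")[:-3], r["rep"]["msg"], r["count"]) for r in reps]
```

On this sample, `choose_threshold(parse_alerts(SAMPLE_ALERTS), KNOWN_VALID, (0.5, 0.6, 0.7, 0.8, 0.9))` returns 0.6: at 0.5 the SSH-scan and SSH-bruteforce alerts fall into one cluster (their cosine similarity is about 0.504) and the bruteforce indicator disappears from the representatives, while 0.6 to 0.8 keep all three confirmed types in four clusters and 0.9 splits the two SQL-injection variants unnecessarily. `window_view(alerts, 0.6, "03/12-10:00:00.000", 15)` then reduces the seven alerts of the first fifteen seconds to three rows, each carrying the first-seen time and the number of raw alerts it stands for. The point worth keeping from the abstract is the medoid step: a burst of three identical scan alerts is the cluster a size cut-off would discard, and it is exactly the one whose representative tells the analyst what the attacker is doing.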