Computer Science (计算机科学) ›› 2010, Vol. 37 ›› Issue (4): 67-70.

• Computer Networks and Information Security •

Clustering Analysis Method Based on Alert Cause

WANG Xiu-li, HAI Mo, ZHU Jian-ming, ZHANG Ning

  1. (School of Information, Central University of Finance and Economics, Beijing 100081)
  • Publication date: 2018-12-01   Release date: 2018-12-01
  • Funding:
    Supported by the National Natural Science Foundation of China (60970143, 70872120, 70872119), the Key Project of the Ministry of Education Science and Technology Research Program (109016), the Beijing Natural Science Foundation (9092014, 4082028), a Beijing Municipal Education Commission joint-construction special project, the Central University of Finance and Economics "211 Project" key discipline construction project, and the Central University of Finance and Economics "CUFE 121 Talent Project" Young Doctor Development Fund (QBG0702).

Abstract: Intrusion detection systems produce a large number of redundant alerts, which makes investigating them costly. To address this problem, a clustering analysis method based on alert cause is proposed. Alerts that are logically related through a common cause are grouped into the same alert cluster; the alerts in a cluster share the same attributes and are summarized into a single generalized alert whose attributes describe the features the alerts have in common. The method substantially reduces the number of alerts, simplifies alert analysis, and helps analysts accurately identify the security threats facing the network and application environment, so that countermeasures can be taken in time.

Key words: Intrusion detection, Alert analysis, Alert clustering, Alert cause, Heuristic algorithm
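The clustering and generalization step the abstract describes, as an added illustration that is not code from the paper. The abstract does not fix which attributes define an alert's cause, so this example assumes the cause is the signature that fired and groups alerts by it; within each cluster every attribute is then generalized with an assumed hierarchy (a single shared value is kept, source or destination IPs that fall in one /24 collapse to that network, and anything else becomes "any"). The sample alerts, attribute names and hierarchy are constructed for this example.

```python
"""Cluster IDS alerts by an assumed cause key and fold each cluster into one
generalized alert that keeps only what the member alerts have in common."""
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample alerts (not taken from the paper): one host scanning a
# subnet, and one web server probed for SQL injection from several sources.
SAMPLE_ALERTS = [
    {"sig": "SCAN portscan", "src_ip": "10.0.0.5", "dst_ip": "192.168.1.10", "dst_port": 22},
    {"sig": "SCAN portscan", "src_ip": "10.0.0.5", "dst_ip": "192.168.1.11", "dst_port": 22},
    {"sig": "SCAN portscan", "src_ip": "10.0.0.5", "dst_ip": "192.168.1.12", "dst_port": 80},
    {"sig": "WEB sqli attempt", "src_ip": "203.0.113.7", "dst_ip": "192.168.1.20", "dst_port": 80},
    {"sig": "WEB sqli attempt", "src_ip": "203.0.113.9", "dst_ip": "192.168.1.20", "dst_port": 80},
    {"sig": "WEB sqli attempt", "src_ip": "198.51.100.4", "dst_ip": "192.168.1.20", "dst_port": 80},
]

ANY = "any"  # top of the assumed generalization hierarchy


def generalize_ip(values):
    """Assumed IP hierarchy: host -> containing /24 -> any."""
    if len(values) == 1:
        return next(iter(values))
    nets = {ip_network(f"{v}/24", strict=False) for v in values}
    if len(nets) == 1:
        return str(next(iter(nets)))
    return ANY


def generalize_attr(name, values):
    """Keep a value all alerts share; otherwise climb the hierarchy for that attribute."""
    if len(values) == 1:
        return next(iter(values))
    if name.endswith("_ip"):
        return generalize_ip(values)
    return ANY  # ports and other scalars have no intermediate level here


def cluster_by_cause(alerts, cause_attr="sig"):
    """Group alerts whose assumed cause attribute (the signature) is identical."""
    clusters = defaultdict(list)
    for alert in alerts:
        clusters[alert[cause_attr]].append(alert)
    return clusters


def generalize_cluster(alerts):
    """Summarize one cluster as a generalized alert plus the number it stands for."""
    attrs = set().union(*(a.keys() for a in alerts))
    generalized = {}
    for name in sorted(attrs):
        values = {a[name] for a in alerts if name in a}
        generalized[name] = generalize_attr(name, values)
    generalized["count"] = len(alerts)
    return generalized


def reduce_alerts(alerts):
    """Full pipeline: cluster by cause, then emit one generalized alert per cluster."""
    return [generalize_cluster(members) for members in cluster_by_cause(alerts).values()]


if __name__ == "__main__":
    reduced = reduce_alerts(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(reduced)} generalized alerts")
    for g in reduced:
        print(g)
```

On the constructed input the six raw alerts become two generalized ones: the scan collapses to source 10.0.0.5 against 192.168.1.0/24 on port "any", and the injection attempts to destination 192.168.1.20:80 from source "any". A practitioner should bound how many attributes a cluster may generalize to "any" before reporting it; a cluster in which every attribute has climbed to the top of its hierarchy has discarded the very features the analyst needs.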
