| 基于威胁路径的报警关联分析方法 |
| |
| 引用本文: | 王芳,王玉柱,王晓东.基于威胁路径的报警关联分析方法[J].后勤工程学院学报,2006,22(3):40-43,48. |
| |
| 作者姓名: | 王芳 王玉柱 王晓东 |
| |
| 作者单位: | 1. 后勤工程学院,训练部,重庆,400016
2. 后勤工程学院,后勤信息工程系,重庆,400016 |
| |
| 摘 要: | 大量的误报大大降低了现有网络入侵检测系统的实用性,利用报警日志之间的逻辑关系是降低误报率的方法之一。提出了威胁路径的概念,在此基础上提出了基于因果关系的关联分析方法。利用网络的背景信息,发掘报警日志记录之间的逻辑关系,进一步提高报警的准确性,降低误报率。经实验验证,该方法可有效降低网络入侵检测系统误报率,并可用于辅助分析网络入侵过程。
|
| 关 键 词: | 入侵检测 威胁路径 因果关系 报警关联 |
| 文章编号: | 1672-7843(2006)03-0040-04 |
| 修稿时间: | 2006年2月23日 |
The Correlation Analysis of Alert Logs Based on Path of Intrusion |
| |
| WANG Fang,WANG Yuzhu,WANG Xiaodong.The Correlation Analysis of Alert Logs Based on Path of Intrusion[J].Journal of Logistical Engineering University,2006,22(3):40-43,48. |
| |
| Authors: | WANG Fang WANG Yuzhu WANG Xiaodong |
| |
| Abstract: | The high rates of false negatives decrease the practicability of the recent IDS. The application of the relativities of the logs is one of the methods to decrease the rate of false negatives. In this paper, the concept of Path of Intrusion and the analysis method based on causality have been put forward. This method makes use of the information about the network to extract the relativity of the logs, distinguish the false negatives and improve the detection accuracy. As the experimental results show, this method can help decrease the rate of false negatives and analyze the process of the intrusions. |
| |
| Keywords: | intrusion detection path of intrusion alerts correlation causality |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
