
Two-Stage Algorithm for Correlating the Intrusion Alerts
Cite this article: WANG Liang-min, MA Jian-feng. Two-Stage Algorithm for Correlating the Intrusion Alerts[J]. Wuhan University Journal of Natural Sciences, 2005, 32(1): 89-92. DOI: 10.1007/BF02828624
Authors: WANG Liang-min, MA Jian-feng
Affiliations: [1] The Key Laboratory of Computer Network and Information Security, Xidian University, Xi'an 710071, Shaanxi, China // School of Computer, Jiangsu University, Zhenjiang 212013, Jiangsu, China; [2] The Key Laboratory of Computer Network and Information Security, Xidian University, Xi'an 710071, Shaanxi, China
Funding: Supported by the National Natural Science Foundation of China (90204012) and the Hi-Tech Research and Development Program of China (2002AA143021)
Abstract:
To address alert flooding and the poor information semantics of alerts in existing Intrusion Detection Systems (IDS), we present a two-stage algorithm for correlating alerts. In the first stage, low-level alerts are integrated into high-level alerts using Chronicle patterns based on time intervals, which describe and match the alerts against the temporal constraints of an input sequence. In the second stage, a preparing relationship between high-level alerts is defined and used to correlate them, and the attack scenario is constructed by drawing the attack graph. Finally, a worked example shows how this two-stage correlation algorithm reduces the number of intrusion alerts produced by the IDS and improves their semantic content.

Keywords: two-stage algorithm; intrusion detection system; intrusion alert; computer network; network security
Received: 2004-05-30

Two-stage algorithm for correlating the intrusion alerts
Wang Liang-min,Ma Jian-feng. Two-stage algorithm for correlating the intrusion alerts[J]. Wuhan University Journal of Natural Sciences, 2005, 32(1): 89-92. DOI: 10.1007/BF02828624
Authors: Wang Liang-min, Ma Jian-feng
Affiliation: (1) The Key Laboratory of Computer Network and Information Security, Xidian University, 710071, Shaanxi Xi'an, China; (2) School of Computer, Jiangsu University, 212013, Jiangsu Zhenjiang, China
Keywords: intrusion detection; alert correlation; partial ordering
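The two stages described in the abstract, as an added Python sketch that is not the paper's code: stage 1 folds raw IDS alerts into high-level alerts via chronicle patterns with time-interval constraints, and stage 2 orders those high-level alerts with a "prepares for" relation to obtain attack-graph edges. The pattern names, prerequisite/consequence labels and alert records are constructed assumptions.

```python
# Added illustration of the abstract's two-stage idea (not the paper's code).
# Stage 1: chronicle patterns with [min, max] inter-step delays fold low-level
# IDS alerts into high-level ones.  Stage 2: A "prepares" B when A's
# consequences meet B's prerequisites and A ends before B starts (a partial
# order), which gives the edges of an attack graph.  Labels are hypothetical.
PATTERNS = {
    "RECON":    {"steps": [("icmp_sweep", None), ("port_scan", (0, 600))],
                 "pre": set(), "post": {"services_known"}},
    "BREAK_IN": {"steps": [("ftp_exploit", None), ("root_shell", (0, 120))],
                 "pre": {"services_known"}, "post": {"root_on_host"}},
}

def stage1(alerts, patterns=PATTERNS):
    """Match each chronicle pattern along one (src, dst) flow, earliest-first."""
    alerts = sorted(alerts, key=lambda a: a["ts"])
    high = []
    for name, p in patterns.items():
        steps = p["steps"]
        for a in alerts:
            if a["kind"] != steps[0][0]:
                continue
            chain = [a]
            for kind, (lo, hi) in steps[1:]:
                prev = chain[-1]
                nxt = next((b for b in alerts if b["kind"] == kind
                            and (b["src"], b["dst"]) == (a["src"], a["dst"])
                            and lo <= b["ts"] - prev["ts"] <= hi), None)
                if nxt is None:
                    break
                chain.append(nxt)
            if len(chain) == len(steps):   # every step matched within its interval
                high.append({"type": name, "src": a["src"], "dst": a["dst"],
                             "start": chain[0]["ts"], "end": chain[-1]["ts"],
                             "pre": p["pre"], "post": p["post"]})
    return high

def stage2(high):
    """Attack-graph edges (A, B) where high-level alert A prepares B."""
    return [(a["type"], b["type"]) for a in high for b in high
            if a is not b and a["dst"] == b["dst"]
            and a["end"] <= b["start"] and (a["post"] & b["pre"])]

# Constructed low-level alerts: 5 raw alerts -> 2 high-level alerts -> 1 edge.
# The lone port_scan from 10.0.0.7 has no preceding sweep and stays unmatched.
SAMPLE = [dict(ts=0, kind="icmp_sweep", src="10.0.0.5", dst="10.0.0.9"),
          dict(ts=240, kind="port_scan", src="10.0.0.5", dst="10.0.0.9"),
          dict(ts=900, kind="ftp_exploit", src="10.0.0.5", dst="10.0.0.9"),
          dict(ts=960, kind="root_shell", src="10.0.0.5", dst="10.0.0.9"),
          dict(ts=5000, kind="port_scan", src="10.0.0.7", dst="10.0.0.9")]
```

Running `stage2(stage1(SAMPLE))` yields the single edge RECON -> BREAK_IN, the attack scenario recovered from five raw alerts.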
This article is indexed in CNKI, VIP, Wanfang Data, SpringerLink and other databases.