| 基于地址关联图的分布式IDS报警关联算法 |
| |
| 引用本文: | 段海新,于雪丽,王兰佳.基于地址关联图的分布式IDS报警关联算法[J].大连理工大学学报,2005,45(Z1):126-131. |
| |
| 作者姓名: | 段海新 于雪丽 王兰佳 |
| |
| 作者单位: | 清华大学,信息网络工程研究中心,北京,100084 |
| |
| 基金项目: | 中国科学院资助项目;新材料领域项目 |
| |
| 摘 要: | 当前入侵检测系统产生的报警洪流往往使管理员无法处理,大大降低了IDS系统的有效性. 对原始报警事件的关联分析可以从大量报警中提取出有效的攻击事件;分析攻击者的真正意图,对大规模分布式入侵检测系统有重要意义. 为此综合分析了现有报警关联算法的优点和不足,提出了一种基于地址关联图(ACG)的报警关联算法. 该算法用地址关联图模型对分布式IDS原始报警事件进行分析,以得到不同攻击之间的关联和发生步骤,得到攻击者的攻击路径,进而分析攻击者的意图. 该算法无需提前制定关联知识库或提前训练关联模型,因此易于实现.
|
| 关 键 词: | 入侵检测系统 报警 关联 地址关联图 |
| 文章编号: | 1004-5619(2005)04-0310-02 |
| 修稿时间: | 2005年6月21日 |
An algorithm of alert correlation based on address correlation graph in distributed intrusion detection system |
| |
| DUAN Hai-xin,YU Xue-li,WANG Lan-jia.An algorithm of alert correlation based on address correlation graph in distributed intrusion detection system[J].Journal of Dalian University of Technology,2005,45(Z1):126-131. |
| |
| Authors: | DUAN Hai-xin YU Xue-li WANG Lan-jia |
| |
| Abstract: | The alert flood of current IDSes often overwhelms the security administrators,which largely decreases the effectiveness of IDS.The correlation of original alerts plays an important role in distributed IDS,which can draw out the effective attacks from a large number of alerts,and analyze the real intension of attackers.In this paper,the merits and defects of typical correlation algorithms are analyzed.An algorithm of alert correlation based on address correlation graph(ACG) is proposed here.The algorithm can be used to analyze the original alerts with ACG model,which can get the intrusion path of attackers through the relation and steps of different attacks,and then analyze the intension of attackers.The algorithm is easy to be implemented because it does not depend on a predefined base of correlation knowledge or a forehand training of correlation model. |
| |
| Keywords: | IDS alert correlation ACG |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
