| 多特征关联的入侵事件冗余消除 |
| |
| 引用本文: | 龚俭,梅海彬,丁勇,魏德昊.多特征关联的入侵事件冗余消除[J].东南大学学报(自然科学版),2005,35(3):366-371. |
| |
| 作者姓名: | 龚俭 梅海彬 丁勇 魏德昊 |
| |
| 作者单位: | 东南大学计算机科学与工程系,南京,210096;东南大学江苏省计算机网络技术重点实验室,南京,210096 |
| |
| 基金项目: | 国家自然科学基金资助项目(90104031) |
| |
| 摘 要: | 通过对事件的源地址、宿地址和宿端口3个空间属性进行分析,枚举出事件在空间属性上的所有可能的关联特征;通过对相邻事件的时间间隔进行统计分析,提出了事件的时间关联特征可以用一个相对均方差模型描述.在此基础上给出了一种基于事件类型、空间和时间关联特征的冗余事件消除算法,它能根据冗余消除规则集实时处理入侵事件并进行冗余消除.实验结果表明,该冗余消除算法可以使冗余事件在总的事件中的比例低于1%,其冗余消除的准确性和消除程度均高于CITRA中提出的冗余消除方法.
|
| 关 键 词: | 冗余消除 事件关联特征 入侵检测系统 网络安全 |
| 文章编号: | 1001-0505(2005)03-0366-06 |
Multi-feature correlation redundance elimination of intrusion event |
| |
| Gong Jian,Mei Haibin,Ding Yong,Wei Dehao.Multi-feature correlation redundance elimination of intrusion event[J].Journal of Southeast University(Natural Science Edition),2005,35(3):366-371. |
| |
| Authors: | Gong Jian Mei Haibin Ding Yong Wei Dehao |
| |
| Abstract: | All possible correlation features on spatial properties of events are enumerated by analyzing the three spatial properties of events: source address, destination address and destination port. A relative mean square deviation model is proposed by statistical analysis of events' interval, which can be used to describe the temporal correlation features of events. After that, this paper puts (forward) a redundancy elimination algorithm based on event class, spatial and temporal correlation features, which can deal and eliminate redundant events timely according to the predefined rule set. The experiments show that this algorithm can reduce the rate of redundant events in all events to less than 1%, and is more efficient and accurate than the method used in cooperative intrusion traceback and response architecture (CITRA). |
| |
| Keywords: | redundance elimination event correlation feature intrusion detection system network security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
