| 入侵检测中的事件关联分析 |
| |
| 引用本文: | 陈晓苏,尹宏斌,肖道举.入侵检测中的事件关联分析[J].华中科技大学学报(自然科学版),2003,31(4):30-33. |
| |
| 作者姓名: | 陈晓苏 尹宏斌 肖道举 |
| |
| 作者单位: | 华中科技大学计算机科学与技术学院 |
| |
| 摘 要: | 大部分的攻击事件都不是孤立产生的,相互之间存在着某种联系,而这种联系可以抽象为冗余关系和因果关系.当前的大多数入侵检测系统忽略了这种事件之间的关联性,从而暴露出一些问题.针对这些问题,结合这两种事件关系的基本特征,给出了相应的事件关联分析方法,并在此基础上给出了一个事件关联分析器的体系结构设计.
|
| 关 键 词: | 入侵检测系统 事件关联分析 原始事件 网络安全 网络结构 事件建模 |
| 文章编号: | 1671-4512(2003)04-0030-04 |
| 修稿时间: | 2002年9月20日 |
The analysis of event correlation in intrusion detection |
| |
| Chen Xiaosu Yin Hongbin Xiao Daoju Chen Xiaosu Prof., College of Computer Sci. & Tech.,Huazhong Univ. of Sci. & Tech.,Wuhan ,China..The analysis of event correlation in intrusion detection[J].JOURNAL OF HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY.NATURE SCIENCE,2003,31(4):30-33. |
| |
| Authors: | Chen Xiaosu Yin Hongbin Xiao Daoju Chen Xiaosu Prof College of Computer Sci & Tech Huazhong Univ of Sci & Tech Wuhan China |
| |
| Institution: | Chen Xiaosu Yin Hongbin Xiao Daoju Chen Xiaosu Prof., College of Computer Sci. & Tech.,Huazhong Univ. of Sci. & Tech.,Wuhan 430074,China. |
| |
| Abstract: | The method for the analysis of an event correlation was introduced based on the characteristics of the two kinds of relationships, that is, redundancy relationship and cause and effect relationship. Based on that, the architecture designed for event correlation analysis apparatus was presented. Practice shows that event correlation can decrease number of alert, reduce false alert and discover high level attack strategies effectively . |
| |
| Keywords: | intrusion detection event correlation raw event |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
