| 多源异构安全信息融合关联技术研究 |
| |
| 引用本文: | 马琳茹,杨林,王建新.多源异构安全信息融合关联技术研究[J].系统仿真学报,2008,20(4):981-985,989. |
| |
| 作者姓名: | 马琳茹 杨林 王建新 |
| |
| 作者单位: | 1. 国防科学技术大学电子科学与工程学院,湖南,长沙,410073;中国电子设备系统工程公司研究所,北京,100039
2. 中国电子设备系统工程公司研究所,北京,100039 |
| |
| 基金项目: | 国防“十一五”预研基金资助项目(9140A150601),“863”国家高技术研究发展计划(2005AA147050) |
| |
| 摘 要: | 设计了一种异构安全信息处理系统,融合多源异构的安全信息实现告警的预处理、融合和关联。在告警融合模块中,利用扩展D-S证据理论对异构安全系统提供的动态安全信息合成,有效降低了漏报和误报,在入侵检测信任度赋值中引入更新机制,确保在动态变化的网络中判断的准确度。仿真实验表明,融合方法能够在显著减少告警数量的基础上,有效解决单个安全设备无法解决的误报、漏报问题。
|
| 关 键 词: | 告警关联 多源异构 扩展D-S证据理论 告警误/漏报 |
| 文章编号: | 1004-731X(2008)04-0981-05 |
| 收稿时间: | 2006-07-30 |
| 修稿时间: | 2007-06-05 |
Research on Security Information Fusion from Multiple Heterogeneous Sensors |
| |
| MA Lin-ru,YANG Lin,WANG Jian-xin.Research on Security Information Fusion from Multiple Heterogeneous Sensors[J].Journal of System Simulation,2008,20(4):981-985,989. |
| |
| Authors: | MA Lin-ru YANG Lin WANG Jian-xin |
| |
| Abstract: | A system was designed for fusing security information from multiple heterogeneous sensors to process alerts.In the alert fusion module,the extended D-S evidence theory was used to fuse dynamic information from heterogeneous sensors.The weighted evidence was more effective on reducing the number of false positives and false negatives.In the basic probability assignment function of IDS,an adaptive mechanism was introduced to adapt to dynamic networks.The experiments verify that this framework can remarkably reduce the number of alerts and enhance detection performance. |
| |
| Keywords: | alert correlation multiple heterogeneous sensors extended D-S evidence theory false negative/positive |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
