| 异常检测在报警关联分析中的应用 |
| |
| 引用本文: | 王娟,秦志光,叶李,靳京.异常检测在报警关联分析中的应用[J].解放军理工大学学报,2009,10(3):278-280. |
| |
| 作者姓名: | 王娟 秦志光 叶李 靳京 |
| |
| 作者单位: | 电子科技大学,计算机科学与工程学院,四川,成都,610054
|
| |
| 基金项目: | 国家242安全计划资助项目 |
| |
| 摘 要: | 为了给报警关联提供时间控制以提高关联的合理性和效率将误报警流作为背景流量,真实报警作为整个报警流的异常.利用经典统计模型即均值方差模型检测报警流量强度的异常,进而把异常的时间段提供给报警关联,仅对异常时间段内的报警进行关联分析.实验显示,该检测模型能够为报警关联分析提供时间控制,使得关联分析能够取得更加精炼而有意义的结果.由于集中分析异常时间段内的报警,该模型可显著地帮助网络管理员节省时间和精力.
|
| 关 键 词: | 报警分析 异常检测 中心极限定理 置信区间 |
Application of anomaly detection in alert correlation analysis |
| |
| WANG Juan,QIN Zhi-guang,YE Li and JIN Jing.Application of anomaly detection in alert correlation analysis[J].Journal of PLA University of Science and Technology(Natural Science Edition),2009,10(3):278-280. |
| |
| Authors: | WANG Juan QIN Zhi-guang YE Li and JIN Jing |
| |
| Institution: | School of Computer Science & Engineering;University of Electronic Science and Technology;Chengdu 610054;China |
| |
| Abstract: | A classic statistic model namely Mean and Standard Deviation Model(MSDM) was used to control time for alert correlation analysis in order to make the alert correlation more meaningful and efficient.Taking false alerts as the background flow and true alerts as the anomaly of the alert flow,MSDM detected the anomaly of the alert flow and offered the abnormal time slice to correlation analysis.Correlation process only correlated the alerts which were in the abnormal time slice.Simulation results show that this... |
| |
| Keywords: | alerts analysis anomaly detection central limit theorem confidence interval |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《解放军理工大学学报》浏览原始摘要信息 |
| 点击此处可从《解放军理工大学学报》下载免费的PDF全文 |
