| 基于本体的报警分类技术在报警评估过程中的应用与实现 |
| |
| 引用本文: | 夏雪,肖德宝,顾婷.基于本体的报警分类技术在报警评估过程中的应用与实现[J].北京交通大学学报(自然科学版),2008,32(6). |
| |
| 作者姓名: | 夏雪 肖德宝 顾婷 |
| |
| 作者单位: | 华中师范大学,网络与通信研究所,武汉,430079;华中师范大学,网络与通信研究所,武汉,430079;华中师范大学,网络与通信研究所,武汉,430079 |
| |
| 基金项目: | Science and Technology Bureau of Wuhan Municipality |
| |
| 摘 要: | 由于缺乏评估和关联报警的背景知识,IDS(入侵检测系统)产生的海量报警无法得到更进一步的真实化确认,从而使IDS成为当今安全产品中的诟病.在事件关联范畴内的报警评估是利用被监控系统的背景知识对IDS产生的大量报警进行进一步的分析,从而把真实的危害系统的报警呈现给用户的过程.这些用于评估IDS报警的背景知识包括受害主机系统信息和网络环境信息.本文介绍了事件关联的主要结构,并着重介绍报警评估的流程和所需背景知识库;然后详细描述了基于本体的背景知识库的分类技术;最后给出基于背景知识分类技术在报警评估过程中的具体实现过程.
|
| 关 键 词: | 报警评估 事件关联 背景知识分类 本体语言 入侵检测系统 |
Towards Alert Verification Using Ontology-Based ContextClassification in Event Correlation Process |
| |
| XIA Xue,XIAO Debao,GU Ting.Towards Alert Verification Using Ontology-Based ContextClassification in Event Correlation Process[J].JOURNAL OF BEIJING JIAOTONG UNIVERSITY,2008,32(6). |
| |
| Authors: | XIA Xue XIAO Debao GU Ting |
| |
| Abstract: | Intrusion Detection System (IDS) nowadays are known for producing a huge amount of alerts that are either not related to true alerts or not represented successful attacks due to lack of information to verify and to correlate IDS events. Alert verification, in the process of event correlation, is a method that we use to determine whether an alert from IDS is a false positive and to identify the success of an attack through context information of protected environment in two aspects. That is victim host context information and network context information. This paper presents alert analysis architecture in the event correlation process and then focuses on alert verification method using ontology-based context classification approach to achieve the goal of high efficiency of verification. An implementation shows in the end for the sake of validating the feasibility of the approach. |
| |
| Keywords: | alert verification event correlation context classification ontology language intrusion detection system(IDS) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
