| 基于动态时间阈值的报警聚合方法研究 |
| |
| 引用本文: | 晏少华,徐蕾.基于动态时间阈值的报警聚合方法研究[J].沈阳航空工业学院学报,2010,27(5):68-72. |
| |
| 作者姓名: | 晏少华 徐蕾 |
| |
| 作者单位: | 沈阳航空航天大学,计算机学院,辽宁,沈阳,110136 |
| |
| 摘 要: | 针对网络入侵检测中持续性攻击引发的多个报警事件时间间隔变化的问题,引入时间间隔变异系数描述报警的时间波动特征;通过将报警数据属性分为时间约束属性和相似度约束属性,提出了一种利用动态时间阈值约束的相似报警数据聚合方法。实验结果表明,这种方法能有效减少持续性攻击触发的冗余报警。
|
| 关 键 词: | 入侵检测 报警聚合 时间间隔阈值 属性相似度 |
Alert aggregation method research based on dynamic time threshold |
| |
| YAN Shao-hua,XU Lei.Alert aggregation method research based on dynamic time threshold[J].Journal of Shenyang Institute of Aeronautical Engineering,2010,27(5):68-72. |
| |
| Authors: | YAN Shao-hua XU Lei |
| |
| Institution: | (Colledge of Computer Science,Shenyang Aerospace University,Liaoning Shenyang 110136) |
| |
| Abstract: | Focus on adjacent time intervals changing problem of alert sequences triggered by a persistent attack in NIDS,this article proposes to describe time fluctuation character of alerts with a time variation coefficient and an alert aggregation method based on dynamic time threshold by which alert data are divided into temporal constraint feature and similarity constraint features.Experiment results show that redundancy alerts triggered by persistent attack can be decreased effectively. |
| |
| Keywords: | intrusion detection alert aggregation time interval threshold attribute similarity |
| 本文献已被 维普 万方数据 等数据库收录! |
|
