Conference paper: IAENG Transactions on Engineering Technologies

Intrusion Alert Correlation Framework: An Innovative Approach



Abstract

Alert correlation analyzes the alerts produced by one or more collaborating intrusion detection systems (IDSs) to produce a concise overview of security-related activity on a network. The process consists of multiple components, each responsible for a different aspect of the overall correlation goal. The order in which the correlation components run affects the performance of the process, because the total time needed depends on the number of alerts processed by each component. An innovative alert correlation framework is introduced, based on a model that reduces the number of processed alerts as early as possible by discarding irrelevant and false alerts in the first phases. A new component, shushing the alerts, is added to handle unrelated alerts, and a modified algorithm for fusing alerts is presented. The intruders' intentions are grouped into attack scenarios, which are then used to detect future attacks. The DARPA 2000 intrusion-detection scenario-specific datasets are used to evaluate the alert correlator model. The experimental results show that the correlation model is effective in achieving alert reduction and abstraction, and performance improves further once attention is focused on correlating higher-severity alerts.
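As an added illustration (not code from the paper or its authors), the following Python pipeline has the component structure the abstract describes: shushing irrelevant alerts, fusing duplicates, prioritising by severity, and grouping what remains into attacker scenarios, while counting how many alerts each component has to touch. Only the component names come from the abstract; the heuristics, the fusion window, the asset inventory, the signature-to-platform table, the known attack chain and the sample alerts are constructed assumptions for this example, loosely modelled on the staged attack in the DARPA 2000 datasets. Running the same components in two orders yields the same scenario but a different amount of work, which is the abstract's point about component ordering.

```python
"""Illustrative alert-correlation pipeline (constructed example, not the paper's code)."""
from collections import defaultdict

# Constructed sample alerts in a Snort-like shape: timestamp (s), signature,
# source, destination, severity 1..3 (3 = most severe). The attacker 10.0.0.5
# sweeps, exploits sadmind and logs in via rsh; 10.0.0.9 produces noise.
SAMPLE_ALERTS = [
    {"ts": 100, "sig": "ICMP PING", "src": "10.0.0.5", "dst": "192.168.1.10", "sev": 1},
    {"ts": 101, "sig": "ICMP PING", "src": "10.0.0.5", "dst": "192.168.1.11", "sev": 1},
    {"ts": 102, "sig": "ICMP PING", "src": "10.0.0.5", "dst": "192.168.1.12", "sev": 1},
    {"ts": 130, "sig": "SADMIND overflow", "src": "10.0.0.5", "dst": "192.168.1.10", "sev": 3},
    {"ts": 131, "sig": "SADMIND overflow", "src": "10.0.0.5", "dst": "192.168.1.10", "sev": 3},
    {"ts": 132, "sig": "SADMIND overflow", "src": "10.0.0.5", "dst": "192.168.1.10", "sev": 3},
    {"ts": 200, "sig": "RSH login", "src": "10.0.0.5", "dst": "192.168.1.10", "sev": 2},
    # Irrelevant: Windows/IIS signatures against a Solaris host, or unknown hosts.
    {"ts": 300, "sig": "IIS unicode", "src": "10.0.0.9", "dst": "192.168.1.10", "sev": 2},
    {"ts": 301, "sig": "WEB-IIS cmd.exe", "src": "10.0.0.9", "dst": "192.168.1.10", "sev": 2},
    {"ts": 302, "sig": "IIS unicode", "src": "10.0.0.9", "dst": "192.168.1.99", "sev": 2},
    {"ts": 303, "sig": "IIS unicode", "src": "10.0.0.9", "dst": "192.168.1.98", "sev": 2},
    {"ts": 304, "sig": "SMB probe", "src": "10.0.0.9", "dst": "192.168.1.97", "sev": 2},
]

# Assumed environment knowledge (hypothetical): monitored hosts and their OS,
# and the platform a signature is only meaningful against.
ASSETS = {"192.168.1.10": "solaris", "192.168.1.11": "solaris", "192.168.1.12": "linux"}
SIG_PLATFORM = {"SADMIND overflow": "solaris", "IIS unicode": "windows", "WEB-IIS cmd.exe": "windows"}
FUSE_WINDOW = 5  # seconds between repeats that still count as one alert (assumption)
# Assumed known scenario, loosely modelled on the DARPA 2000 attack stages.
KNOWN_CHAIN = ("ICMP PING", "SADMIND overflow", "RSH login", "DDoS launch")


def shush(alerts):
    """Discard irrelevant alerts: unknown target host or OS/platform mismatch."""
    kept = []
    for a in alerts:
        platform = ASSETS.get(a["dst"])
        needed = SIG_PLATFORM.get(a["sig"])
        if platform is None or (needed is not None and needed != platform):
            continue
        kept.append(a)
    return kept


def fuse(alerts):
    """Merge repeats of the same (sig, src, dst) arriving within FUSE_WINDOW."""
    fused, last_index = [], {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["sig"], a["src"], a["dst"])
        i = last_index.get(key)
        if i is not None and a["ts"] - fused[i]["last_ts"] <= FUSE_WINDOW:
            fused[i]["count"] += 1
            fused[i]["last_ts"] = a["ts"]
        else:
            fused.append(dict(a, count=1, last_ts=a["ts"]))
            last_index[key] = len(fused) - 1
    return fused


def prioritise(alerts, min_sev=2):
    """Focus correlation on higher-severity alerts only."""
    return [a for a in alerts if a["sev"] >= min_sev]


def group_scenarios(alerts):
    """Group alerts per attacker into a time-ordered chain of signatures."""
    chains = defaultdict(list)
    for a in sorted(alerts, key=lambda x: x["ts"]):
        chains[a["src"]].append(a["sig"])
    return {src: tuple(sigs) for src, sigs in chains.items()}


def run(alerts, order):
    """Run the components in `order`; return (scenarios, alerts entering each)."""
    stages = {"shush": shush, "fuse": fuse, "prioritise": prioritise}
    processed, current = {}, list(alerts)
    for name in order:
        processed[name] = len(current)  # work this component has to do
        current = stages[name](current)
    return group_scenarios(current), processed


def total_work(processed):
    """Total number of alerts handled across all components."""
    return sum(processed.values())


def next_expected_step(observed, known=KNOWN_CHAIN):
    """If `observed` is an in-order subsequence of `known`, return the step
    expected next; used to anticipate the attacker's following move."""
    pos = 0
    for step in observed:
        try:
            pos = known.index(step, pos) + 1
        except ValueError:
            return None
    return known[pos] if pos < len(known) else None


if __name__ == "__main__":
    for order in (("shush", "fuse", "prioritise"), ("fuse", "prioritise", "shush")):
        scenarios, processed = run(SAMPLE_ALERTS, order)
        print(order, processed, "total work:", total_work(processed), scenarios)
        for src, chain in scenarios.items():
            print("  ", src, "next expected:", next_expected_step(chain))
```

Both orders end with the same scenario for 10.0.0.5 (sadmind exploit followed by rsh login, with a DDoS launch as the expected next step), but shushing first means the fusion and prioritisation components never see the five irrelevant alerts, so the summed per-component workload is smaller. In a real deployment the asset inventory and signature-platform mapping would come from vulnerability and configuration management data, and the shushing rules are exactly where a wrong inventory silently turns into missed attacks, so they deserve the same review as any other detection logic.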
