期刊论文

Xia, X.(wnow2_10@yahoo.com.cn)

英文

北京交通大学学报

1673-0291

2008

32

6

116-122

10.3969/j.issn.1673-0291.2008.06.026

Supported by Science and Technology Bureau of Wuhan Municipality（200710421130）；

本校为第一且通讯机构

Intrusion Detection System (IDS) nowadays are known for producing a huge amount of alerts that are either not related to true alerts or not represented successful attacks due to lack of information to verify and to correlate IDS events. Alert verification, in the process of event correlation, is a method that we use to determine whether an alert from IDS is a false positive and to identify the success of an attack through context information of protected environment in two aspects. That is victim host context information and network context information. This paper presents alert analysis archi...

由于缺乏评估和关联报警的背景知识，IDS（入侵检测系统）产生的海量报警无法得到更进一步的真实化确认，从而使IDS成为当今安全产品中的诟病。在事件关联范畴内的报警评估是利用被监控系统的背景知识对IDS产生的大量报警进行进一步的分析，从而把真实的危害系统的报警呈现给用户的过程。这些用于评估IDS报警的背景知识包括受害主机系统信息和网络环境信息。本文介绍了事件关联的主要结构，并着重介绍报警评估的流程和所需背景知识库；然后详细描述了基于本体的背景知识库的分类技术；最后给出基于背景知识分类技术在报警评估过程中的具体实现过程。