Abstract
Intrusion detection systems (IDS) are an important network security protection measure, but an IDS often triggers large numbers of false alarms, overwhelming network security analysts. Building on the research finding that most of these false alarms are repetitive and frequent, this paper applies conceptual clustering based on the attribute-oriented induction (AOI) algorithm to search for the root causes behind the large numbers of false alarms, and implements a heuristic conceptual clustering algorithm for intrusion detection alarms. The algorithm effectively identifies false alarms, prevents over-generalization, and reduces the workload of network security analysts.
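As an added illustration (not the paper's own algorithm, hierarchies or data), the following Python sketch shows the AOI idea the abstract refers to: alert tuples are generalized step by step along constructed concept hierarchies until a generalized tuple covers at least min_size alerts, and a hypothetical heuristic rejects clusters whose attributes have mostly collapsed to their root concept as over-generalized.

```python
from collections import Counter

# Constructed sample alerts (src_ip, dst_port, signature); not data from the paper.
ALERTS = [
    ("10.1.1.5", 80, "web-scan"), ("10.1.1.6", 80, "web-scan"),
    ("10.1.1.7", 80, "web-scan"), ("10.1.2.9", 443, "web-scan"),
    ("10.1.1.5", 8080, "web-scan"), ("10.1.1.5", 80, "web-scan"),
    ("10.1.2.9", 80, "web-scan"), ("192.168.3.4", 22, "ssh-brute"),
]
# Hypothetical concept hierarchies: value -> next more general concept.
# A value absent from its map is a root concept and cannot be generalized further.
IP_UP = {"10.1.1.5": "10.1.1.0/24", "10.1.1.6": "10.1.1.0/24", "10.1.1.7": "10.1.1.0/24",
         "10.1.2.9": "10.1.2.0/24", "192.168.3.4": "192.168.3.0/24",
         "10.1.1.0/24": "10.1.0.0/16", "10.1.2.0/24": "10.1.0.0/16",
         "10.1.0.0/16": "any-ip", "192.168.3.0/24": "any-ip"}
PORT_UP = {80: "web", 443: "web", 8080: "web", 22: "remote-admin",
           "web": "any-port", "remote-admin": "any-port"}
SIG_UP = {"web-scan": "recon", "ssh-brute": "auth-attack",
          "recon": "any-sig", "auth-attack": "any-sig"}
HIER = [IP_UP, PORT_UP, SIG_UP]

def aoi_cluster(alerts, min_size, max_root=1):
    """Attribute-oriented induction over alert tuples.
    Loop: report every generalized tuple that now covers >= min_size alerts;
    otherwise generalize the attribute with the most distinct values by one level.
    Heuristic (assumed, not from the paper): a cluster with more than max_root
    attributes at their root concept is rejected as over-generalized."""
    rows = list(alerts)
    clusters, rejected = [], []
    while rows:
        counts = Counter(rows)
        big = [t for t, n in counts.items() if n >= min_size]
        if big:
            for t in big:
                roots = sum(1 for i, v in enumerate(t) if v not in HIER[i])
                (clusters if roots <= max_root else rejected).append((t, counts[t]))
            rows = [r for r in rows if r not in big]
            continue
        # candidate attributes: those with at least one value that can still go up
        cands = [(len({r[i] for r in rows}), i) for i in range(len(HIER))
                 if any(r[i] in HIER[i] for r in rows)]
        if not cands:
            break  # everything is at its root; remaining rows stay unexplained
        i = max(cands)[1]
        rows = [r[:i] + (HIER[i].get(r[i], r[i]),) + r[i + 1:] for r in rows]
    return clusters, rejected

if __name__ == "__main__":
    found, dropped = aoi_cluster(ALERTS, min_size=4)
    print("root-cause candidates:", found)   # web-scan from 10.1.1.0/24 to port 80
    print("over-generalized, not reported:", dropped)
```

With min_size=4 the four web-scan alerts from the 10.1.1.0/24 subnet against port 80 surface as one generalized alarm after a single generalization step, while the remaining alerts only reach the threshold once every attribute has collapsed to its root and are therefore rejected rather than reported.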
Source
Computer Engineering (《计算机工程》), 2005, No. 7, pp. 35-36, 62 (3 pages)
Indexed in: CAS, CSCD, Peking University Core Journals
Funding
Supported by the National Natural Science Foundation of China (60273075)
Keywords
Intrusion detection alarm
Conceptual clustering
Attribute-oriented induction (AOI) algorithm
False alarms