Abstract
To address the problem that network intrusion detection systems often produce large numbers of similar or useless alerts, an alert merging algorithm was designed, drawing on the research on the alert correlation model for intrusion detection systems in the French MIRADOR project. The algorithm combines a dynamic merging-time window with a dynamic maximum-merging-count window, which both effectively reduces the number of useless alerts and preserves the timeliness of alerting. Preliminary experimental results show that when the NIDS produces large numbers of similar or useless alerts, the algorithm can reduce the alert count fairly effectively.
The problem of huge numbers of similar or false alarms is ubiquitous in network-based intrusion detection systems (NIDS). Based on the CRIM module of the MIRADOR project, an algorithm is designed to merge these similar alerts and so reduce the number of alarms. A dynamic merging-time window and a dynamic merging-number window are combined to ensure that alerts are still raised in a timely manner. Results of a preliminary experiment indicate that this method is effective when the NIDS produces large numbers of similar alerts.
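The merging scheme sketched in the abstract, as an added illustration that is not the paper's own code: alerts with the same signature, source and destination are folded into one summary alert, a group closes either when its merging-time window expires or when it reaches the merging-count cap, and both limits adapt. The paper does not spell out the adaptation rule, so the rule used here (double the limits after a count-capped burst, halve them after a timeout) and the sample alerts are assumptions.

```python
from collections import namedtuple
Alert = namedtuple("Alert", "ts sig src dst")  # ts in seconds

class AlertMerger:
    """Folds similar alerts (same sig/src/dst) into one summary alert. A group is
    emitted when its merging-time window expires or it reaches the merging-count
    cap, so bursts still surface promptly. Assumed adaptation rule (not from the
    paper): a count-capped group doubles both limits, a timed-out one halves them."""

    def __init__(self, base_window=2.0, max_window=30.0, base_count=10, max_count=200):
        self.base_window, self.max_window = base_window, max_window
        self.base_count, self.max_count = base_count, max_count
        self.window, self.count_cap = base_window, base_count
        self.groups = {}  # (sig, src, dst) -> [first_alert, count, last_ts]

    def _emit(self, key, g, by_count):
        del self.groups[key]
        if by_count:  # burst: widen the window and raise the cap, up to hard limits
            self.window = min(self.window * 2, self.max_window)
            self.count_cap = min(self.count_cap * 2, self.max_count)
        else:  # quiet period: shrink back toward the base values
            self.window = max(self.window / 2, self.base_window)
            self.count_cap = max(self.count_cap // 2, self.base_count)
        return {"sig": key[0], "src": key[1], "dst": key[2], "count": g[1],
                "first_ts": g[0].ts, "last_ts": g[2]}

    def feed(self, a):
        """Consume one raw alert; return a merged alert when a group closes, else None."""
        key, out = (a.sig, a.src, a.dst), None
        g = self.groups.get(key)
        if g is not None and a.ts - g[0].ts > self.window:  # time window expired
            out, g = self._emit(key, g, by_count=False), None
        if g is None:
            self.groups[key] = [a, 1, a.ts]
            return out
        g[1], g[2] = g[1] + 1, a.ts
        return self._emit(key, g, by_count=True) if g[1] >= self.count_cap else out

    def flush(self, now):  # emit every group whose window has expired at `now`
        expired = [k for k, g in self.groups.items() if now - g[0].ts > self.window]
        return [self._emit(k, self.groups[k], by_count=False) for k in expired]

def run_demo():
    # Constructed input: 25 identical scan alerts 0.1 s apart plus one unrelated alert.
    raw = [Alert(i * 0.1, "SCAN", "10.0.0.5", "10.0.0.1") for i in range(25)]
    raw.append(Alert(0.55, "SQLI", "10.0.0.7", "10.0.0.2"))
    m = AlertMerger()
    merged = [r for r in map(m.feed, sorted(raw)) if r]  # namedtuples sort by ts
    return merged + m.flush(now=10.0)
```

With the defaults, the 26 raw alerts become three merged ones: the scan burst closes at the count cap of 10, the cap then doubles so the remaining 15 scan alerts stay in one group until the final flush, and the lone SQLI alert is never merged with them.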
Source
《信息与电子工程》
2005, No. 3, pp. 182-185 (4 pages)
Information and Electronic Engineering
Funding
Supported by the Pre-research Fund of the China Academy of Engineering Physics (2003-421050504-12-1)
Keywords
computer architecture
merging algorithm
alert
intrusion detection