A Distributed Intrusion Detect Model Based on Alert Data Correlation Analysis
Intrusion detection is an important means of ensuring network security, and a distributed intrusion detection system can detect intrusions across the entire network. Association analysis is a practical and feasible way to improve the detection performance of an intrusion detection system. This paper proposes a three-layer alert data correlation analysis model for a distributed intrusion detection system: it reduces false alerts by analyzing the intensity of the alert data, eliminates or reduces repeated alerts by clustering the alert data, and discovers high-level attack tactics by associating the alert data. The paper gives the algorithm of each module, and an experiment with the high-level event correlation module on the Mitnick attack data shows that ontology-based association can detect the process of a multi-step distributed attack.
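As an added illustration (this is not the paper's code; the paper's own algorithms and ontology are not reproduced on this page), the following Python sketch implements one plausible reading of the three layers named in the abstract on a constructed alert feed: an intensity filter that drops a signature firing at a steady rate between many unrelated host pairs, a similarity clustering step that merges near-duplicate alerts from several sensors into one alert with a count, and an association step that chains clusters into a multi-step attack through a small prerequisite/consequence table standing in for the ontology. The sample alerts, the signature names, the thresholds and the knowledge table are all assumptions made for this example; the scenario is loosely modelled on the public Mitnick attack pattern (silence a trusted host with a SYN flood, then connect as that host).

```python
"""Three-stage alert correlation sketch (added example, not the paper's implementation).

Stage 1: intensity filter    - remove diffuse background noise (assumed interpretation)
Stage 2: similarity cluster  - merge repeated alerts into one cluster with a count
Stage 3: association         - link clusters whose consequences satisfy later prerequisites
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int       # seconds since start of capture
    sensor: str   # reporting IDS node
    src: str
    dst: str
    sig: str      # signature / event class


# Constructed sample feed from two sensors (invented for this example, not the Mitnick data set).
SAMPLE_ALERTS = [
    Alert(10, "ids-a", "203.0.113.9", "192.0.2.10", "PORT_SCAN"),
    Alert(11, "ids-b", "203.0.113.9", "192.0.2.10", "PORT_SCAN"),   # same event, second sensor
    Alert(12, "ids-a", "203.0.113.9", "192.0.2.10", "PORT_SCAN"),
    Alert(40, "ids-a", "203.0.113.9", "192.0.2.20", "SYN_FLOOD"),   # silence the trusted host
    Alert(41, "ids-a", "203.0.113.9", "192.0.2.20", "SYN_FLOOD"),
    Alert(45, "ids-b", "192.0.2.20", "192.0.2.10", "SPOOFED_RSH"),  # connect "as" the trusted host
    Alert(90, "ids-b", "192.0.2.10", "198.51.100.5", "OUTBOUND_BACKDOOR"),
]
# Background noise: one ICMP alert each between 30 unrelated host pairs.
SAMPLE_ALERTS += [Alert(t, "ids-a", f"198.51.100.{t}", f"192.0.2.{100 + t}", "ICMP_PING")
                  for t in range(1, 31)]


def intensity_filter(alerts, min_count=20, min_spread=0.8):
    """Stage 1 (assumed rule): a signature that fires at least min_count times with almost
    every firing between a different (src, dst) pair is treated as diffuse noise and dropped.
    Alerts concentrated on a few hosts keep their intensity and survive."""
    by_sig = defaultdict(list)
    for a in alerts:
        by_sig[a.sig].append(a)
    noisy = set()
    for sig, group in by_sig.items():
        pairs = {(a.src, a.dst) for a in group}
        if len(group) >= min_count and len(pairs) / len(group) >= min_spread:
            noisy.add(sig)
    return [a for a in alerts if a.sig not in noisy], noisy


@dataclass
class Cluster:
    sig: str
    src: str
    dst: str
    first_ts: int
    last_ts: int
    count: int
    sensors: frozenset


def cluster_alerts(alerts, window=30):
    """Stage 2: alerts identical in (sig, src, dst) and within `window` seconds of the
    cluster's last alert are merged into one cluster carrying a count and the sensor set."""
    clusters = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for c in clusters:
            if (c.sig, c.src, c.dst) == (a.sig, a.src, a.dst) and a.ts - c.last_ts <= window:
                c.last_ts, c.count, c.sensors = a.ts, c.count + 1, c.sensors | {a.sensor}
                break
        else:
            clusters.append(Cluster(a.sig, a.src, a.dst, a.ts, a.ts, 1, frozenset({a.sensor})))
    return clusters


# Hypothetical stand-in for the ontology: per event class, the (predicate, role) facts it
# requires and the facts it establishes, where role selects the cluster's src or dst host.
KNOWLEDGE = {
    "PORT_SCAN":         (set(), {("knows_services", "dst")}),
    "SYN_FLOOD":         (set(), {("host_silenced", "dst")}),
    "SPOOFED_RSH":       ({("host_silenced", "src"), ("knows_services", "dst")}, {("shell_on", "dst")}),
    "OUTBOUND_BACKDOOR": ({("shell_on", "src")}, set()),
}


def associate(clusters):
    """Stage 3: link cluster A -> B when a fact A established about a host is a prerequisite
    of B on the same host and A precedes B. Prerequisites are checked before consequences
    are recorded, so a cluster never satisfies itself."""
    clusters = sorted(clusters, key=lambda c: c.first_ts)
    facts = {}   # (predicate, host) -> index of the cluster that established it
    edges = []
    for i, c in enumerate(clusters):
        pre, post = KNOWLEDGE.get(c.sig, (set(), set()))
        host_of = {"src": c.src, "dst": c.dst}
        for pred, role in pre:
            j = facts.get((pred, host_of[role]))
            if j is not None:
                edges.append((j, i))
        for pred, role in post:
            facts[(pred, host_of[role])] = i
    return clusters, edges


def run_pipeline(alerts):
    """Run all three stages; return the dropped signatures, the clusters and the attack steps."""
    kept, noisy = intensity_filter(alerts)
    clusters, edges = associate(cluster_alerts(kept))
    steps = [(clusters[i].sig, clusters[j].sig) for i, j in edges]
    return {"noisy_signatures": noisy, "clusters": clusters, "steps": steps}


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_ALERTS)
    print("dropped as noise:", result["noisy_signatures"])
    for c in result["clusters"]:
        print(f"{c.sig:18} {c.src} -> {c.dst}  x{c.count}  sensors={sorted(c.sensors)}")
    for a, b in result["steps"]:
        print(f"{a} enables {b}")
```

On the constructed feed, the 30 ICMP alerts are dropped as diffuse noise, the 37 remaining raw alerts collapse to four clusters (the port scan seen by both sensors becomes one cluster with count 3), and the association step recovers the chain PORT_SCAN and SYN_FLOOD enabling SPOOFED_RSH, which in turn enables OUTBOUND_BACKDOOR. The intensity rule is deliberately conservative: a low-volume signature is never discarded on volume alone, since a single well-placed alert can be the real attack step.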
network security; distributed intrusion detection; similarity clustering; alert data correlation
Baoyi Wang, Xiaowei Ju, Shaomin Zhang
School of Control and Computer Engineering, North China Electric Power University, Baoding 071003, China
International conference
Taiyuan
English
669-673
2010-10-22 (date first posted on the Wanfang platform; not the paper's publication date)