Conference Topic

Algorithm of reducing the false positives in IDS based on correlation Analysis

  This paper proposes an algorithm for reducing false positives in IDS based on correlation analysis. First, the algorithm analyzes the distinguishing characteristics of false positives and real alarms and performs a preliminary screening of the false positives; it then applies attribute-similarity clustering to the alarms, further reducing the number of alarms; finally, according to the characteristics of multi-step attacks, it associates the alarms by their causal relationships. The paper also proposes a reverse causation algorithm based on the attack association method proposed by predecessors, turning alarm information into a complete attack path. Experiments show that the algorithm reduces the number of alarms, improves the efficiency of alarm processing, and contributes to identifying the purpose of an attack and improving alarm accuracy.

Jianyi Liu Sida Li Ru Zhang

School of Beijing University of Posts and Telecommunications, Beijing, China

International conference

2017 International Symposium on Application of Materials Science and Energy Materials (SAMSE 2017) (2017材料科学应用与能源材料国际研讨会)

Shanghai

English

1-5

2017-12-28 (date first posted online on the Wanfang platform; does not represent the paper's publication date)