Host Intrusion Activities Detection Based on Data Mining Method (original title: 基于数据挖掘的主机入侵行为检测)


Authors: 昝鑫 [1], 韩崇昭 [1], 姚婷婷 [1], 韩九强 [1]

Affiliation: [1] School of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an 710049

Source: Journal of Xi'an Jiaotong University (西安交通大学学报), 2005, No. 2, p. 195 (1 page)

Funding: National High Technology Research and Development Program project (2001AA40213); National Natural Science Foundation project (60243001); National Key Basic Research and Development Program project (2001CB309403).

Abstract: Because host intrusion behaviour is complex and closely resembles normal user behaviour, a sequence pattern mining method is presented to obtain the host intrusion command sequences that intruders execute frequently. The frequent intrusion commands are transformed into detection rules for the low-level intrusion detection sensor in order to detect suspicious user behaviour. To eliminate false alarms, an efficient intrusion correlation engine based on intrusion incident state is designed, with the mined frequent intrusion command sequences used as the intrusion correlation rules. Moreover, a novel intrusion correlation algorithm is presented which considers both the sequential relations within each host intrusion class and the causal relations between different host intrusion classes to compute the probability of an intrusion; the algorithm thus reflects the complexity and diversity of host intrusion activities. Experimental results show that this intrusion correlation model not only improves the detection rate but also reduces the false alarm rate for host intrusion activities, in particular reducing the false alarm rate for the intruders' tool-downloading and system-information-gathering activities by about 20 percent.
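As an added illustration of the approach the abstract describes (this is example code written for this page, not the paper's or its authors' implementation), the following Python sketch mines frequent gapped command subsequences per intrusion class from a small set of constructed, labelled sessions, discards any pattern that also occurs in a normal session (a simple false-alarm filter), keeps the survivors as matching rules, and then scores a new session with a correlation step that raises one class's score when evidence of a causally preceding class appears earlier in the session. The session data, the abstracted command names, the class names `download_tools` and `gather_info`, the causal link between them and the scoring formula are all assumptions made for the example; the paper's own mining procedure and probability computation are not reproduced.

```python
"""Added example: frequent command-sequence mining feeding a simple
correlation scorer. Illustrative only; not the paper's implementation."""
from collections import Counter, defaultdict
from itertools import combinations

# Constructed training sessions: each is a list of abstracted shell commands
# plus a label naming the intrusion class, or "normal" for ordinary user work.
SESSIONS = [
    (["whoami", "uname", "cat_passwd", "wget", "chmod", "exec"], "download_tools"),
    (["uname", "cat_passwd", "wget", "chmod", "exec"], "download_tools"),
    (["whoami", "uname", "cat_passwd", "ps", "netstat"], "gather_info"),
    (["uname", "ps", "netstat", "cat_passwd"], "gather_info"),
    (["ls", "cd", "vim", "make", "ls"], "normal"),
    (["cd", "ls", "cat", "vim", "git"], "normal"),
    (["wget", "tar", "make", "ls"], "normal"),   # a normal user downloading a tarball
]

# Assumed causal link between classes: information gathering tends to precede
# tool download, so earlier gather_info evidence raises download_tools' score.
CAUSAL_PRECEDENCE = [("gather_info", "download_tools")]


def subsequences(seq, max_len):
    """All gapped subsequences of length 2..max_len, de-duplicated per session."""
    out = set()
    for n in range(2, max_len + 1):
        for idx in combinations(range(len(seq)), n):
            out.add(tuple(seq[i] for i in idx))
    return out


def is_subsequence(pattern, seq):
    """True if pattern's commands occur in seq in order (gaps allowed)."""
    it = iter(seq)
    return all(any(cmd == p for cmd in it) for p in pattern)


def mine_patterns(sessions, min_sup=2, max_len=3, max_normal_sup=0):
    """Per class, keep patterns seen in >= min_sup sessions of that class and
    in <= max_normal_sup normal sessions; the latter is the false-alarm filter."""
    support = defaultdict(Counter)          # class -> pattern -> session count
    for seq, label in sessions:
        for pat in subsequences(seq, max_len):
            support[label][pat] += 1
    normal = support.get("normal", Counter())
    rules = {}
    for label, counts in support.items():
        if label == "normal":
            continue
        rules[label] = {p for p, c in counts.items()
                        if c >= min_sup and normal[p] <= max_normal_sup}
    return rules


def correlate(seq, rules):
    """Score one session against every class. The per-class score is the
    fraction of that class's rules matched; a causal boost is applied when the
    earliest evidence of the cause class precedes that of the effect class."""
    scores, first_hit = {}, {}
    for label, pats in rules.items():
        hits = [p for p in pats if is_subsequence(p, seq)]
        scores[label] = len(hits) / len(pats) if pats else 0.0
        if hits:
            # greedy subsequence matching starts at the first occurrence of p[0]
            first_hit[label] = min(seq.index(p[0]) for p in hits)
    for cause, effect in CAUSAL_PRECEDENCE:
        if cause in first_hit and effect in first_hit \
                and first_hit[cause] <= first_hit[effect]:
            scores[effect] = min(1.0, scores[effect] + 0.5 * scores[cause])
    return scores


RULES = mine_patterns(SESSIONS)

if __name__ == "__main__":
    for label, pats in RULES.items():
        print(f"{label}: {len(pats)} rules, e.g. {sorted(pats)[:3]}")
    for session in (["uname", "ps", "netstat", "cat_passwd", "wget", "chmod", "exec"],
                    ["uname", "cat_passwd", "wget"],
                    ["wget", "tar", "make", "ls"]):
        print(session, "->", {k: round(v, 2) for k, v in correlate(session, RULES).items()})
```

With these constructed sessions the `normal` session that merely runs `wget` scores zero for both classes, because no mined rule consists of `wget` alone: every rule is a multi-command sequence that only intrusion sessions exhibit, which is the sense in which sequence rules cut false alarms relative to single-command signatures. A real deployment would abstract commands more carefully (arguments, paths, privilege level), set `min_sup` from the volume of labelled data, and calibrate the causal weight rather than fixing it at 0.5.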

Keywords: intrusion behaviour; host; command; data mining; sequence pattern mining; intrusion detection; association rules; normal; state; false alarm

Classification: TP393.08 (Automation and Computer Technology: Computer Application Technology); TP311 (Automation and Computer Technology: Computer Science and Technology)

 
