Affiliations: [1] School of Information Science and Technology, Northwest University, Xi'an 710127, Shaanxi, China; [2] School of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an 710049, Shaanxi, China
Source: Journal of System Simulation (《系统仿真学报》), 2007, No. 15, pp. 3485-3488 and 3493 (5 pages in total)
Funding: National High Technology Research and Development Program of China ("863" Program), project 2004AA1Z2280; National Key Basic Research and Development Program of China ("973" Program), project 2001CB309403
Abstract: To address the difficulty of obtaining meaningful attack instances from the complex alert data produced by intrusion detection systems, an attack instance mining method based on an improved evolving self-organizing map (IESOM) is proposed. The IESOM algorithm sets the initial connection strengths from the distances between the winning neuron and the other neurons, which resolves the problem of choosing initial connection strengths in the evolving self-organizing map (ESOM) algorithm. The IESOM-based mining method first clusters the alert data with IESOM, then applies a merging rule to the clusters to obtain preliminary attack instances, and finally applies filtering rules to retain only the meaningful attack instances. Results obtained on the alert data of XJTU-sensor show that the proposed IESOM-based method can efficiently extract typical attack instances from large volumes of alerts.
Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology]