Author affiliations: [1] Department of Electronic Engineering, Tsinghua University, Beijing 100084 [2] Information Network Engineering Research Center (信息网络工程研究中心), Tsinghua University, Beijing 100084
Source: Computer Engineering (《计算机工程》), 2008, No. 2, pp. 267-269, 272 (4 pages)
Funding: National "973" Program project (2003CB314805)
Abstract: Traditional intrusion detection systems can detect attack attempts by signature matching, but they cannot verify whether an attempt actually succeeded, so the alerts they generate are not only huge in number but also have a high false-positive rate. This paper proposes a method that uses a vulnerability-scanning tool to verify the alerts generated by an intrusion detection system: whether an attack can succeed is judged by whether the attacked host contains the vulnerability that would allow it to succeed, and alerts whose target host does not have the corresponding vulnerability are lowered in priority, thereby improving alert quality. The design and implementation of each component of the alert verification model are described. Results from running the system show that the method effectively compresses the alert volume, reduces the false-positive rate, and helps administrators find, among large amounts of data, the real alerts that most deserve attention.
Abstract (English, as published): Traditional intrusion detection systems detect intrusion attempts using signature-based methods, but they can hardly determine whether the attempt is successful. As a result, alerts generated by an IDS are not only huge in number but also poor in data quality, i.e., they contain false-positive alerts. This paper presents a method to verify alerts using vulnerability-scanning tools. The idea of alert verification is to check whether the destination host has the vulnerability necessary for the intrusion to succeed. According to the result of the alert verification process, attacks that probably failed are degraded in priority. The experimental results show that the alert verification model in a distributed IDS can compress duplicated alerts and reduce false positives efficiently, which helps network administrators focus on actual alerts among an overwhelming amount of data.
Classification code: TP393.08 [Automation and Computer Technology / Computer Application Technology]