OSSEC alert data aggregation method based on category division (cited by: 1)

Classification of category based OSSEC alert data aggregation method


Authors: 陶晓玲 (TAO Xiao-ling) [1,2], 龚昱鸣 (GONG Yu-ming), 赵峰 (ZHAO Feng) (Guangxi Colleges and Universities Key Laboratory of Cloud Computing and Complex Systems, Guilin University of Electronic Technology, Guilin 541004, China; School of Computer and Information Security, Guilin University of Electronic Technology, Guilin 541004, China; School of Information and Communication, Guilin University of Electronic Technology, Guilin 541004, China)

Affiliations: [1] Guangxi Colleges and Universities Key Laboratory of Cloud Computing and Complex Systems, Guilin University of Electronic Technology, Guilin 541004, Guangxi, China; [2] School of Computer and Information Security, Guilin University of Electronic Technology, Guilin 541004, Guangxi, China; [3] School of Information and Communication, Guilin University of Electronic Technology, Guilin 541004, Guangxi, China

Source: Computer Engineering and Design (计算机工程与设计), 2020, No. 4, pp. 908-914 (7 pages)

Funding: National Natural Science Foundation of China (61962015); Natural Science Foundation of Guangxi (2016GXNSFAA380098); Guangxi Key Research and Development Program (Guike AB17195045).

Abstract: The alert data produced by the host-based open source intrusion detection system OSSEC (Open Source HIDS SECurity) have inconsistent category attributes and a large amount of redundancy, which leads to a low data aggregation rate. To address this, an alert data aggregation method based on the division of category attributes is proposed. The raw alert data are first merged with the MapReduce programming model, then divided according to their category attributes; the attribute similarity between alerts is calculated, the attribute weights are determined with the entropy method, and the alert data are aggregated on the weighted similarity. Experimental results show that the proposed method improves the aggregation rate of OSSEC alert data and the system detection rate, and reduces the system false alarm rate.
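The abstract describes a five-step pipeline (merge duplicates with MapReduce, divide by category attribute, compute attribute similarity, weight the attributes with the entropy method, aggregate). The following is an added illustration of that pipeline in Python, written for this page and not the authors' code: the sample alerts, the set of similarity attributes (`rule_id`, `level`, `srcip`, `ts`), the per-attribute similarity functions, the 300-second time window, the 0.8 aggregation threshold and the greedy single-representative clustering are all assumptions of this example, not details taken from the paper. The entropy-weight step is the standard entropy weight method (normalise each similarity column to a distribution, compute its entropy, weight by one minus entropy); it is shown here with the edge cases a real partition produces, namely a column that is constant (zero information) and a partition too small to form pairs.

```python
import math
from collections import defaultdict
from itertools import combinations

# Constructed sample alerts (not from the paper). Field names mimic common
# OSSEC alert fields; the values are made up for this example.
ALERTS = [
    {"rule_id": 5710, "level": 5, "srcip": "10.0.0.5", "group": "authentication_failed", "ts": 0},
    {"rule_id": 5710, "level": 5, "srcip": "10.0.0.5", "group": "authentication_failed", "ts": 0},  # exact duplicate
    {"rule_id": 5710, "level": 5, "srcip": "10.0.0.5", "group": "authentication_failed", "ts": 20},
    {"rule_id": 5712, "level": 10, "srcip": "10.0.0.5", "group": "authentication_failed", "ts": 40},
    {"rule_id": 5710, "level": 5, "srcip": "10.0.0.9", "group": "authentication_failed", "ts": 500},
    {"rule_id": 550, "level": 7, "srcip": "-", "group": "syscheck", "ts": 100},
    {"rule_id": 550, "level": 7, "srcip": "-", "group": "syscheck", "ts": 130},
    {"rule_id": 553, "level": 7, "srcip": "-", "group": "syscheck", "ts": 900},
]

MAX_LEVEL = 15       # OSSEC rule levels range from 0 to 15
TIME_WINDOW = 300    # assumed window (seconds) after which timestamps count as unrelated
SIM_ATTRS = ("rule_id", "level", "srcip", "ts")   # assumed attribute set for similarity


def merge_duplicates(alerts):
    """Step 1, MapReduce style: map each alert to (all-attributes key, 1), reduce by summing."""
    mapped = ((tuple(sorted(a.items())), 1) for a in alerts)
    counts = defaultdict(int)
    for key, one in mapped:
        counts[key] += one
    return [(dict(key), n) for key, n in counts.items()]


def partition_by_category(merged, attr="group"):
    """Step 2: divide merged alerts by a category attribute so only like alerts are compared."""
    parts = defaultdict(list)
    for alert, n in merged:
        parts[alert[attr]].append((alert, n))
    return dict(parts)


def attribute_similarity(a, b):
    """Step 3: per-attribute similarity in [0, 1] (assumed definitions, not the paper's)."""
    return {
        "rule_id": 1.0 if a["rule_id"] == b["rule_id"] else 0.0,
        "level": 1.0 - abs(a["level"] - b["level"]) / MAX_LEVEL,
        "srcip": 1.0 if a["srcip"] == b["srcip"] else 0.0,
        "ts": max(0.0, 1.0 - abs(a["ts"] - b["ts"]) / TIME_WINDOW),
    }


def entropy_weights(rows, attrs=SIM_ATTRS):
    """Step 4: entropy weight method over a matrix of pairwise attribute similarities.
    An attribute whose similarity column is constant has entropy 1 and therefore weight 0;
    if every column is constant (or there are fewer than two rows) fall back to equal weights."""
    n = len(rows)
    equal = {a: 1.0 / len(attrs) for a in attrs}
    if n < 2:
        return equal
    norm = 1.0 / math.log(n)
    divergence = {}
    for attr in attrs:
        col = [r[attr] for r in rows]
        total = sum(col)
        if total == 0:                      # column is all zeros: no information
            divergence[attr] = 0.0
            continue
        entropy = -norm * sum((x / total) * math.log(x / total) for x in col if x > 0)
        divergence[attr] = 1.0 - entropy
    s = sum(divergence.values())
    if s <= 1e-12:
        return equal
    return {a: d / s for a, d in divergence.items()}


def aggregate(partition, threshold=0.8):
    """Step 5: greedy aggregation inside one partition. Weights are learned from all pairs,
    then each alert joins the first cluster whose representative is similar enough."""
    alerts = [a for a, _ in partition]
    pair_sims = [attribute_similarity(a, b) for a, b in combinations(alerts, 2)]
    weights = entropy_weights(pair_sims)
    clusters = []                           # each cluster: {"rep": alert, "count": merged alerts}
    for alert, n in partition:
        for c in clusters:
            sims = attribute_similarity(c["rep"], alert)
            if sum(weights[a] * sims[a] for a in SIM_ATTRS) >= threshold:
                c["count"] += n
                break
        else:
            clusters.append({"rep": alert, "count": n})
    return clusters, weights


def run_pipeline(alerts, threshold=0.8):
    """Whole pipeline; aggregation rate = 1 - (aggregated alerts / raw alerts)."""
    merged = merge_duplicates(alerts)
    total = 0
    for part in partition_by_category(merged).values():
        clusters, _ = aggregate(part, threshold)
        total += len(clusters)
    return {"original": len(alerts), "aggregated": total,
            "aggregation_rate": 1.0 - total / len(alerts)}


if __name__ == "__main__":
    for group, part in partition_by_category(merge_duplicates(ALERTS)).items():
        clusters, weights = aggregate(part)
        print(group, "weights:", {k: round(v, 3) for k, v in weights.items()},
              "clusters:", [c["count"] for c in clusters])
    print(run_pipeline(ALERTS))
```

On the constructed data the entropy step behaves as the abstract implies: in the `syscheck` partition every alert shares `level` and `srcip`, so those attributes get weight 0 and the aggregation decision rests on `rule_id` and time; in the `authentication_failed` partition `level` varies little and receives a small weight while the three discriminative attributes share the rest. Eight raw alerts become five aggregated ones, an aggregation rate of 0.375 under these assumptions.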

Keywords: alert data aggregation; attribute weight; category attribute division; attribute similarity; aggregation rate

Classification code: TP393 [Automation and Computer Technology / Computer Application Technology]
