基于Snort的入侵检测警报分析系统改进模型
기우Snort적입침검측경보분석계통개진모형
An improved model of Snort-based intrusion detection alerts analysis system
  • 万方数据
    齐齐哈尔大学学报(自然科学版) 제제합이대학학보(자연과학판)
    JOURNAL OF QIQIHAR UNIVERSITY(NATURAL SCIENCE EDITION)
    2014年 1期 6-8 ,共3页

    孙振龙%李晓晔%邓佳宾%宋广军

    손진룡%리효엽%산가빈%송엄군

    入侵检测%Snort%关联规则%警报分析 入侵檢測%Snort%關聯規則%警報分析
    입침검측%Snort%관련규칙%경보분석
    intrusion detection%snort%association rules%alerts analysis
    针对目前入侵检测系统存在的警报量大、误报率高的问题,设计了一个基于Snort的入侵检测警报分析系统改进模型。该模型以开源入侵检测系统Snort为基础,利用关联规则挖掘算法建立正常警报行为模式和异常警报行为模式,提高了系统的检测效率,并在一定程度上提高了系统对未知攻击的检测能力。
    침대목전입침검측계통존재적경보량대、오보솔고적문제,설계료일개기우Snort적입침검측경보분석계통개진모형。해모형이개원입침검측계통Snort위기출,이용관련규칙알굴산법건립정상경보행위모식화이상경보행위모식,제고료계통적검측효솔,병재일정정도상제고료계통대미지공격적검측능력。
    In view of the intrusion detection system (IDS)'s problem of the large number of alerts and the high false positive rate,an improved model of Snort-based intrusion detection alerts analysis system was designed. It bases on Snort,an open source IDS,and establishes normal and abnormal alerts behavior patterns. So the detection efficiency and unknown attacks detection capability of IDS are raised to some extent.
    원문보기 원문다운로드 사이트로이동
저자의 최근 논문