Calculation method for alert credibility based on peer correlation
Abstract: Most intrusion detection systems produce a large volume of alerts, which burdens system management to some extent and leads to a high false alarm rate, degrading the effectiveness of intrusion detection. To address this problem, a method for calculating alert credibility based on peer correlation is proposed for P2P overlay networks: after receiving a series of intrusion alerts, a peer performs peer correlation to fuse the alert information and extract the valid alerts. Depending on the object being correlated, peer correlation comprises two levels, alert correlation and trust correlation. Alert correlation is used to judge the validity of an intrusion alert, and trust correlation is used to judge the trustworthiness of the peer that raised the alert. The corresponding algorithms are also given. Simulations show that the dual correlation algorithm can improve the accuracy of intrusion detection alerts.
Key words: intrusion detection; alarm; correlation methods; peer-to-peer networks; network security