%0 Journal Article
%T Intrusion detection framework based on network security knowledge databases (基于网络安全知识库的入侵检测模型)
%A XIAO Yun (肖云)
%A WANG Xuan-hong (王选宏)
%J Application Research of Computers (计算机应用研究)
%D 2009
%X This paper proposed a new intrusion detection framework based on the existing network security knowledge databases. It included data filtering, attack attempt analyzing and threat evaluation engines. The evolving self-organizing map was used to find attacks with the same source and multiple targets. A time series analysis method was used to obtain correlation rules that correlate intrusion events on-line, so that complicated attacks with dispersed attack times could be checked. Then the threat evaluation indexes and quantitative threat evaluation formulas for evaluating servers, hosts and the local area network were given. The framework is more integrated and has more useful knowledge than existing intrusion detection systems (IDS), and it finds coordinated attacks more easily, with a lower false positive rate.
%K network security
%K knowledge datasets
%K intrusion detection framework
%K correlation
%K threat evaluation
%K knowledge base
%K intrusion detection model
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=A9D9BE08CDC44144BE8B5685705D3AED&aid=63286206F1F64DE753E60B90599D27F9&yid=DE12191FBD62783C&vid=96C778EE049EE47D&iid=38B194292C032A66&sid=E062BF8B95A95FD2&eid=5A9F0976AE79CB6F&journal_id=1001-3695&journal_name=计算机应用研究&referenced_num=0&reference_num=5