%0 Journal Article
%T An IDS Alarm Analysis Method for Intrusion Warning Based on Time Series Theory
%T A Time-Series-Based Alarm Analysis Method Oriented to Early Warning (original Chinese title, translated)
%A MEI Hai-Bin
%A GONG Jian
%J Computer Science
%D 2007
%X It is a well-known fact that intrusion detection systems create large amounts of alarms and that most of them are false alarms. How to analyze alarms automatically and find useful information in them has attracted a lot of interest. Although many approaches have been proposed, most of them focus on the relationships between different types or attributes of alarms, and they have deficiencies in large-scale network environments. This paper pays attention to the relation between alarm numbers and presents a novel alarm analysis method based on time series theory. Using the self-similar characteristic of alarms under normal conditions, a seasonal model of alarms is constructed. With this model and the relationship between alarm numbers, warning information is quickly given when large-scale network intrusions, such as DDoS and worms, occur. This method has been tested on real-world data, and experimental results demonstrate that the approach has a high degree of warning accuracy when large-scale network intrusions happen and can be integrated with an IDS easily.
%K intrusion detection system
%K network security
%K alarm analysis
%K time series
%K seasonal model
%K early warning
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=64A12D73428C8B8DBFB978D04DFEB3C1&aid=EAE7AB67D95E51E4F1B6876730675E56&yid=A732AF04DDA03BB3&vid=339D79302DF62549&iid=59906B3B2830C2C5&sid=68D88C2FCF9C3098&eid=AA76E167F386B6B3&journal_id=1002-137X&journal_name=计算机科学&referenced_num=0&reference_num=22