OALib Journal
ISSN: 2333-9721

Intrusion detection framework based on network security knowledge databases

Keywords: network security, knowledge datasets, intrusion detection framework, correlation, threat evaluation

Abstract:

This paper proposed a new intrusion detection framework based on the existing network security knowledge databases. It included data filtering, attack attempt analyzing and threat evaluation engines. The evolving self-organizing map was used to find attacks with the same source and multiple targets. A time series analysis method was utilized to obtain correlation rules that correlate intrusion events on-line, so that complicated attacks with dispersed attack times could be checked. Then the threat evaluation indexes and quantitative threat evaluation formulas for evaluating services, hosts and the local area network were given. The framework is more integrated and has more useful knowledge than existing intrusion detection systems (IDS), and makes it easier to find coordinated attacks with a lower false positive rate.
