Alert Log Analysis in a Honeynet

DOI: 10.13190/jbupt.200806.63.wub, PP. 63-66

Keywords: honeynet, intrusion detection, alert correlation


Abstract:

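This paper proposes a honeynet architecture design that incorporates alert log analysis, together with an alert log analysis model. Alerts from network intrusion detection and host intrusion detection are combined; network information and an alert similarity function are used to filter and fuse the alerts; an improved Apriori algorithm is used to mine association rules among the alerts; and the final attack report is produced by matching those rules. Experiments show that the method effectively reduces redundant alerts in the honeynet, identifies the correlations among the attacks on the honeynet system, and presents the attack scenario.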

