To address the shortcomings of traditional IDSs, namely their reliance on a single detection method and their high false-positive rate, this paper studies how to introduce collaboration into intrusion detection. It proposes a collaborative intrusion detection model and algorithms based on information sharing. The model is independent of any specific system and therefore provides a framework for general-purpose collaborative intrusion detection systems. The collaborative intrusion detection algorithms comprise a noise-resistant clustering algorithm based on time density and an alert correlation analysis algorithm. On this basis, a prototype system was implemented and tested using a dataset-based testing method, verifying the feasibility and effectiveness of the model and algorithms.