标签:安防监控系统,安防工程,安防系统,
本站提供基于安全扫描信息降低入侵检测系统的误报率免费下载,http://www.5idzw.com
通常入侵检测系统在一旦发现有入侵迹象时便发出警报,但许多入侵攻击最终是不能
成功的或者说并不能给系统或网络造成危害,所以相应的警报属于无效警报,而正是大量无效警报的存在使得入侵检测系统有着较高的误报率。在本文中,针对网络型误用入侵检测系统建立了一种新的警报过滤机制,此机制通过安全扫描系统建立起一个本网络的漏洞数据库,由于一种网络攻击一般都是针对一个或多个程序漏洞的,当入侵检测系统发现可疑入侵时,找出攻击成功时所需存在的漏洞,并依据漏洞数据库加以实时确认此漏洞是否存在,若不存在,则只是记入日志而不发出警报,从而过滤无效警报的产生。实验结果证明,本文提出的警报过滤机制可以有效的降低误报率。
关键词 入侵检测安全扫描漏洞数据库警报过滤 降低误报率
Abstract:One problem is the fact that intrusion detection systems are often run without any (orvery limited) information of the network resources that they protect.Althorugh tuning and proper configuration may eliminate the most obvious spurious alerts,the problem of the vast imbalance between actual and false alerts remains. This paper proposes an alert filtering scheme to reduce the false rate of intrusion detection systems.With the security scan system the scheme sets up a hole database of the protected network,against which a preliminarily recognized attack threat can be verified in determining if the attack may really succeed before it is reported.Expreiment result shows with the filtering scheme the false rate of intrusion detection systems obviously reduced.
Keywords: intrusion detection,security scan,hole database,alert filtering,false alert reduction,大小:3.87 MB
通常入侵检测系统在一旦发现有入侵迹象时便发出警报,但许多入侵攻击最终是不能
成功的或者说并不能给系统或网络造成危害,所以相应的警报属于无效警报,而正是大量无效警报的存在使得入侵检测系统有着较高的误报率。在本文中,针对网络型误用入侵检测系统建立了一种新的警报过滤机制,此机制通过安全扫描系统建立起一个本网络的漏洞数据库,由于一种网络攻击一般都是针对一个或多个程序漏洞的,当入侵检测系统发现可疑入侵时,找出攻击成功时所需存在的漏洞,并依据漏洞数据库加以实时确认此漏洞是否存在,若不存在,则只是记入日志而不发出警报,从而过滤无效警报的产生。实验结果证明,本文提出的警报过滤机制可以有效的降低误报率。
关键词 入侵检测安全扫描漏洞数据库警报过滤 降低误报率
Abstract:One problem is the fact that intrusion detection systems are often run without any (orvery limited) information of the network resources that they protect.Althorugh tuning and proper configuration may eliminate the most obvious spurious alerts,the problem of the vast imbalance between actual and false alerts remains. This paper proposes an alert filtering scheme to reduce the false rate of intrusion detection systems.With the security scan system the scheme sets up a hole database of the protected network,against which a preliminarily recognized attack threat can be verified in determining if the attack may really succeed before it is reported.Expreiment result shows with the filtering scheme the false rate of intrusion detection systems obviously reduced.
Keywords: intrusion detection,security scan,hole database,alert filtering,false alert reduction,大小:3.87 MB
上一篇:混合型防火墙的研究与设计