A network intrusion detection system (NIDS) is an effective tool for discovering network security events. In practice, however, it produces a large volume of redundant alerts, which greatly increases the difficulty of real-time security analysis. This paper puts forward the idea that alerts exhibiting periodicity are false positives, and removes the associated redundant alerts by discovering and confirming their actual period. The algorithm was tested on a branch network of CERNET (China Education and Research Network); in the experiment it removed more than 90% of the alerts in real time. The root causes of some of the periodic alerts on the network were also analysed, and the analysis confirmed that these alerts were indeed false positives.
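The following Python sketch is an added example, not the paper's code: the abstract does not describe how periodicity is detected, so the test used here (near-constant inter-arrival gaps, measured by the coefficient of variation over a short sliding history per alert group) is an assumption chosen for illustration. The alert grouping key (signature, source, destination), the thresholds, and the sample alerts are all constructed for this example.

```python
"""Periodicity-based suppression of redundant NIDS alerts (added example).

Assumption, not the paper's method: an alert group is treated as periodic
when its recent inter-arrival gaps have a coefficient of variation
(stddev / mean) below a small threshold. Groups judged periodic are
suppressed; everything else is forwarded to the analyst.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Alert:
    ts: float   # epoch seconds
    sig: str    # NIDS signature / rule name
    src: str    # source address
    dst: str    # destination address


def alert_key(a: Alert):
    """Group alerts that are likely to be the same recurring event."""
    return (a.sig, a.src, a.dst)


def is_periodic(timestamps, min_count=4, max_cv=0.1):
    """Return (periodic?, estimated period) for a list of timestamps.

    Needs at least min_count observations; the period is the mean gap.
    """
    if len(timestamps) < min_count:
        return False, None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mu = mean(gaps)
    if mu <= 0:
        return False, None
    cv = pstdev(gaps) / mu
    if cv <= max_cv:
        return True, mu
    return False, None


class PeriodicAlertFilter:
    """Streaming filter: decide per alert whether to forward or suppress."""

    def __init__(self, history=8, min_count=4, max_cv=0.1):
        self.history = history
        self.min_count = min_count
        self.max_cv = max_cv
        self.seen = defaultdict(deque)   # key -> recent timestamps
        self.periods = {}                # key -> period once judged periodic

    def process(self, alert: Alert) -> bool:
        """Return True to forward the alert, False to suppress it."""
        k = alert_key(alert)
        q = self.seen[k]
        q.append(alert.ts)
        if len(q) > self.history:
            q.popleft()
        periodic, period = is_periodic(list(q), self.min_count, self.max_cv)
        if periodic:
            self.periods[k] = period
            return False
        self.periods.pop(k, None)
        return True


# Constructed sample stream (not real data). A monitoring host polls SNMP
# every ~60 s with +/-1 s jitter; a scanner fires irregularly; one group
# has too few alerts to judge.
BASE = 1_700_000_000.0
SAMPLE_ALERTS = (
    [Alert(BASE + o, "SNMP request udp", "10.0.0.5", "10.0.1.20")
     for o in (0, 60, 121, 180, 240, 299, 360, 420, 481, 540)]
    + [Alert(BASE + o, "SCAN nmap SYN", "203.0.113.9", "10.0.1.7")
       for o in (5, 7, 8, 30, 200, 201, 600)]
    + [Alert(BASE + o, "SSH brute force attempt", "198.51.100.4", "10.0.1.22")
       for o in (100, 350)]
)


def run_demo(alerts=SAMPLE_ALERTS):
    """Feed alerts in time order; return (forwarded alerts, periodic groups)."""
    flt = PeriodicAlertFilter()
    forwarded = [a for a in sorted(alerts, key=lambda a: a.ts) if flt.process(a)]
    return forwarded, dict(flt.periods)


if __name__ == "__main__":
    fwd, periods = run_demo()
    print(f"forwarded {len(fwd)} of {len(SAMPLE_ALERTS)} alerts")
    for key, period in periods.items():
        print(f"suppressed periodic group {key}: period ~{period:.1f} s")
```

On the constructed stream the SNMP group is suppressed from its fourth alert onward, while the irregular scan alerts and the two-alert SSH group pass through. The paper validated the filtered alerts by analysing their root causes; that step matters in practice, because regular intervals alone do not prove benign origin (pollers, scheduled jobs and beaconing implants all produce them), so suppressed groups should be reviewed per group rather than silently discarded.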