Abstract:
After analysing the clustering algorithm and alerts' prerequisite-consequence attributes, a novel approach to correlating and analysing intrusion alerts based on the combination of both is proposed. Experimental results on the DARPA 2000 dataset prove that this approach can pre-process alerts successfully. Compared with the result of using only the prerequisite-consequence alert correlation method, the proposed approach successfully eliminates three correlation errors, thus improving the efficiency of the correlation.
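The two stages the abstract combines, clustering as an alert pre-processing step and prerequisite-consequence matching as the correlation step, can be sketched in a few dozen lines. The following is an added illustration, not code from the paper or from its authors; the signature names, the predicate names in the knowledge base (`HostAlive`, `VulnerableService`, `RootAccess`, `DdosDaemonReady`), the time window, and the sample alerts are all constructed for the example. Repeated alerts that share source, destination and signature within a time window are merged into one hyper-alert, so that a burst of identical IDS hits does not produce a burst of spurious correlation edges; hyper-alerts are then linked when an earlier one's consequence on a host satisfies a later one's prerequisite on the same host.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Alert:
    ts: float   # seconds since start of the trace
    src: str    # attacker address
    dst: str    # victim address
    sig: str    # IDS signature name


@dataclass
class HyperAlert:
    sig: str
    src: str
    dst: str
    start: float
    end: float
    count: int  # number of raw alerts merged into this hyper-alert


# Constructed knowledge base (hypothetical signature and predicate names):
# signature -> (prerequisites on the victim host, consequences it establishes there)
KB: Dict[str, Tuple[Set[str], Set[str]]] = {
    "ICMP_SWEEP":       (set(),                 {"HostAlive"}),
    "SADMIND_PING":     ({"HostAlive"},         {"VulnerableService"}),
    "SADMIND_OVERFLOW": ({"VulnerableService"}, {"RootAccess"}),
    "DAEMON_INSTALL":   ({"RootAccess"},        {"DdosDaemonReady"}),
}


def cluster_alerts(alerts: List[Alert], window: float) -> List[HyperAlert]:
    """Pre-processing: merge alerts with the same (src, dst, sig) that arrive
    within `window` seconds of the previous one into a single hyper-alert."""
    clusters: List[HyperAlert] = []
    last: Dict[Tuple[str, str, str], HyperAlert] = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.dst, a.sig)
        h = last.get(key)
        if h is not None and a.ts - h.end <= window:
            h.end = a.ts
            h.count += 1
        else:
            h = HyperAlert(a.sig, a.src, a.dst, a.ts, a.ts, 1)
            clusters.append(h)
            last[key] = h
    return clusters


def correlate(hyper: List[HyperAlert]) -> List[Tuple[int, int]]:
    """Prerequisite-consequence correlation: edge (i, j) means hyper-alert i
    finished before j started, both target the same host, and a consequence
    of i satisfies a prerequisite of j."""
    edges: List[Tuple[int, int]] = []
    for i, a in enumerate(hyper):
        _, cons_a = KB.get(a.sig, (set(), set()))
        for j, b in enumerate(hyper):
            if i == j or a.dst != b.dst or a.end >= b.start:
                continue
            pre_b, _ = KB.get(b.sig, (set(), set()))
            if cons_a & pre_b:
                edges.append((i, j))
    return edges


def run_example() -> Tuple[List[HyperAlert], List[Tuple[int, int]]]:
    """Constructed trace: a five-packet sweep, a probe, a retried overflow and a
    daemon install against 10.0.0.5, plus an overflow against 10.0.0.7 whose
    prerequisite was never observed, so it must stay unlinked."""
    raw = [Alert(t, "172.16.0.9", "10.0.0.5", "ICMP_SWEEP") for t in range(5)]
    raw += [
        Alert(30, "172.16.0.9", "10.0.0.5", "SADMIND_PING"),
        Alert(60, "172.16.0.9", "10.0.0.5", "SADMIND_OVERFLOW"),
        Alert(61, "172.16.0.9", "10.0.0.5", "SADMIND_OVERFLOW"),
        Alert(120, "172.16.0.9", "10.0.0.5", "DAEMON_INSTALL"),
        Alert(200, "172.16.0.9", "10.0.0.7", "SADMIND_OVERFLOW"),
    ]
    hyper = cluster_alerts(raw, window=10.0)
    return hyper, correlate(hyper)


if __name__ == "__main__":
    hyper, edges = run_example()
    for k, h in enumerate(hyper):
        print(k, h.sig, h.dst, f"{h.start}-{h.end}", f"x{h.count}")
    print("edges:", edges)  # [(0, 1), (1, 2), (2, 3)]
```

Ten raw alerts collapse into five hyper-alerts, and the correlation yields a single chain of three edges on 10.0.0.5; the overflow against 10.0.0.7 has no incoming edge because nothing established its prerequisite. Without the clustering step the five sweep alerts would each have produced an edge into the probe, which is the kind of redundant linkage the pre-processing stage is meant to suppress.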
Key words: intrusion detection, clustering algorithm, prerequisite-consequence alert correlation method
Chinese abstract (translated): The clustering algorithm and the alert prerequisite-consequence correlation method are analysed, and on the basis of both a network intrusion correlation analysis model based on clustering and alert prerequisites is proposed. Test results on the DARPA 2000 data show that the proposed model can pre-process alert information effectively. Compared with using only the alert prerequisite correlation method, it successfully eliminates 3 erroneous alert correlations and effectively improves the correlation results.
Chinese key words (translated): intrusion detection, clustering algorithm, prerequisite and consequence correlation method
WU Zheng-zhen, CHEN Xiu-zhen, LI Jian-hua. Correlation and Analysis of Intrusion Alerts Based on Clustering Algorithm and Alerts' Prerequisite-consequence Attribute[J]. Computer Engineering, 2007, 33(21): 122-124.
吴正桢, 陈秀真, 李建华. 基于聚类和报警先决条件的网络入侵关联分析[J]. 计算机工程, 2007, 33(21): 122-124.