一种基于凝聚度的报警处理算法

doi:10.16182/j.issn1004731x.joss.201704021

系统仿真学报 ›› 2017, Vol. 29 ›› Issue (4): 859-864.doi: 10.16182/j.issn1004731x.joss.201704021

一种基于凝聚度的报警处理算法

黄金垒, 王衡军, 郁滨

解放军信息工程大学,河南郑州 450004

收稿日期:2016-05-22 修回日期:2016-08-04 出版日期:2017-04-08 发布日期:2020-06-03
作者简介:黄金垒(1991-),男,四川雅安,硕士生,研究方向为仿真、信息安全技术;王衡军(1973-),男,湖南衡阳,博士,副教授,硕导,研究方向为人工智能、信息安全等。

Cohesion Based Algorithm to Manage IDS Alerts

Huang Jinlei, Wang Hengjun, Yu Bin

PLA Information Engineering University, Zhengzhou 450004, China

Received:2016-05-22 Revised:2016-08-04 Online:2017-04-08 Published:2020-06-03

摘要/Abstract

摘要： 在研究分类系统和语义相似度的基础上,给出了簇的凝聚度的概念,提出了一种基于凝聚度的报警处理算法。算法以凝聚度为基础,利用改进的二分K均值算法聚合报警,并对聚合结果进行异常提取。实验结果表明,提出的算法能有效聚合大量报警、发现异常报警,且聚合结果具有良好的语义和较高的准确性。

关键词: 报警聚合, 异常提取, 语义相似度, 凝聚度, 改进二分K均值

Abstract: On the basis of intrusion taxonomies and semantic similarity, the concept of cluster cohesion as well as an algorithm was proposed to manage IDS alerts. Based on cohesion, the proposed approach used improved bisecting K-means to aggregate massive alerts, and extracted the abnormal alerts from clusters formed in aggregation. The experimental results show that the approach is effective in alerts aggregation and abnormal alerts detecting, and can generate understandable meta-alerts with higher accuracy.

Key words: alerts aggregation, anomaly extraction, semantic similarity, cohesion, improved bisecting k-means

中图分类号:

TP309.1

黄金垒, 王衡军, 郁滨. 一种基于凝聚度的报警处理算法[J]. 系统仿真学报, 2017, 29(4): 859-864.

Huang Jinlei, Wang Hengjun, Yu Bin. Cohesion Based Algorithm to Manage IDS Alerts[J]. Journal of System Simulation, 2017, 29(4): 859-864.

参考文献

[1] 穆成坡, 黄厚宽, 田盛丰. 入侵检测系统报警信息聚合与关联技术研究综述[J]. 计算机研究与发展, 2006, 43(1): 1-8.
(Mu Chengpo, Huang Houkuan, Tian Shengfeng.Survey of Intrusion-Detection Alert Aggregation and Correlation Techniques[J]. Computer Research and Development, 2006, 43(1): 1-8.)
[2] 王琢, 范九伦, 刘建华. 入侵检测系统报警信息聚合方法的改进[J]. 计算机工程与应用, 2010, 46(7): 107-109.
(Wang Zhuo, Fan Jiulun, Liu Jianhua.Improved Aggregation Algorithm for Intrusion-Detection Alerts[J]. Computer Engineering and Applications, 2010, 46(7): 107-109.)
[3] 郭帆, 余敏, 叶继华. 一种基于分类和相似度的报警聚合方法[J]. 计算机应用, 2007, 27(10): 2446-2449.
(Guo Fan, Yu Min, Ye Jihua.Alert Aggregation Algorithm Based on Category and Similarity[J]. Computer Applications, 2007, 27(10): 2446-2449.)
[4] Klaus Julisch.Using Root Cause Analysis to Handle Intrusion Detection Alarms [D]. Germany: University Dortmund, 2003.
[5] Saad S, Traore I.A Semantic Analysis Approach to Manage IDS Alerts Flooding[C]// Information Assurance and Security (IAS), 2011 7th International Conference on. USA: IEEE, 2011: 156-161.
[6] Siraj M M, Maarof M A, Hashim S Z M. Intelligent Clustering with PCA and Unsupervised Learning Algorithm in Intrusion Alert Correlation[C]// Information Assurance and Security 2009. Fifth International Conference on. USA: IEEE, 2009, 1: 679-682.
[7] 胥小波, 蒋琴琴, 郑康锋, 等. 基于混沌粒子群的IDS告警聚类算法[J]. 通信学报, 2013, 34(3): 105-110.
(Xu Xiaobo, Jiang Qinqin, Zheng Kangfeng, et al.IDS Alert Clustering Algorithm Based on Chaotic Particle Swarm Optimization[J]. Journal on Communications, 2013, 34(3): 105-110.)
[8] Ahrabi A A A, Navin A H, Bahrbegi H, et al. A New System for Clustering and Classification of Intrusion Detection System Alerts Using Self-Organizing Maps[J]. International Journal of Computer Science and Security (IJCSS)(S1985-1553), 2010, 4(6): 589-597.
[9] Steinbach M, Karypis G, Kumar V.A Comparison of Document Clustering Techniques[J]. KDD Workshop on Text Mining(S2095-2236), 2000, 400(1): 525-526.

一种基于凝聚度的报警处理算法

Cohesion Based Algorithm to Manage IDS Alerts

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

本文评价