Research Of NIDS False Alarm Technology

Posted on: 2006-12-11
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Zheng
GTID: 2168360152990241
Subject: Computer application technology
Abstract/Summary:
Network-based attacks have become common and sophisticated, and intrusion detection systems have become more important. However, existing intrusion detection systems have not solved the problem that their false alarm rate is too high, which has led to the embarrassing situation that intrusion detection systems are not considered reliable.

Against this background, this paper first introduces some commonly used security means and techniques. It then analyzes the reasons for false alarms in existing intrusion detection systems and gives a mathematical definition of the degree of credibility. Furthermore, it points out that solving the problem of false alarms and credibility must start from the system architecture, the detection algorithm and the policy.

In designing the system, this paper adopts the policy of adding an alarm analysis system to Snort, so that the alarm data can be analyzed and filtered a second time. In addition, three definitions of interrelation are given according to interrelations among the network data streams. An interrelation analysis module is added to the overall system design, and the alarm analysis system uses attribute analysis, probability analysis and clustering analysis to filter the alarm data. Finally, experimental results are given in which simulated alarm data is analyzed by the alarm analysis system, showing that the system can reduce false alarms effectively.
Keywords/Search Tags: Intrusion Detection, Snort, Network Security, False Alarm