
Design And Implementation Of NIDS Alert Analysis System

Posted on: 2005-09-12
Degree: Master
Type: Thesis
Country: China
Candidate: B B Zhou
GTID: 2168360152455978
Subject: Computer applications

Abstract/Summary:
As an important component of a network security system, the Intrusion Detection System (IDS) has been widely used in network security services. The use of intrusion detection has given rise to other difficult problems, such as a high false-positive rate, the handling of large numbers of alarms, and the need for highly skilled operators. These problems have limited the use of IDSs, and there is no perfect way to solve them.

This dissertation analyzes why IDSs produce these problems and concludes that the main reason is that a NIDS lacks knowledge about the network environment and the intrusion environment. It presents a way to reduce false positives and the number of alarms by analyzing NIDS alarms. We use a database to store information about the network environment and use this information to filter alarms. Data mining technology is used to analyze alarms and find intrusion patterns: it is learning from the past to master the future.

A framework for an alarm analysis system is designed, and we then build a NIDS alarm analysis system on the Snort IDS, completing the prototype design and part of the components. Finally, we test the system with real-world data from DefCon's Capture the Flag and show that it is useful for handling alarms.
Keywords/Search Tags:Intrusion Detection, Alarms Analysis, Data Mining