
The Correlation Analysis Based On The Fuzzy Similarity Of Property

Posted on: 2012-03-18; Degree: Master; Type: Thesis
Country: China; Candidate: R M Li; Full Text: PDF
GTID: 2178330332987739; Subject: Communication and Information System
Abstract/Summary:
Any networked information system is exposed to a variety of network security risks. Attackers are able to break newly developed technologies as well as existing network security mechanisms. Under these circumstances it is important to introduce rapid intrusion detection (IDS) and recovery capabilities into network security.

For distributed intrusion detection, deploying multiple cooperating IDSs strengthens the security of the network system, but it also produces a large number of repeated or redundant alerts. To eliminate redundant alerts effectively and to improve the effect and performance of intrusion detection, this thesis proposes an intrusion alert aggregation algorithm based on the fuzzy similarity of feature attributes. The algorithm is based on fuzzy logic and a comprehensive analysis of the attack-type, time and space characteristics of alerts. A specific membership function is defined for each of these, and intrusion alerts are aggregated according to the similarity of their attack-type, time and space attributes, so that events are processed in real time and redundancy is eliminated. The concept of credibility is also introduced: the optimal credibility for the IDSs is chosen according to differences in the distributed environment, so that the fused alert information is as close as possible to the actual situation and the advantages of information fusion are fully exploited.

Building on Valdes's assumption that alerts can be correlated on the basis of the similarity of their features, and taking current intrusion detection systems into account, this thesis puts forward some views of its own on alert correlation. The work consists mainly of the following:

1. The concept of confidence is introduced into the algorithm as an independent alert-filtering attribute, which also directly optimizes the alert-filtering results.
2. Alert messages from the intrusion detection systems are formatted according to a standard, then collected and stored centrally.
3. A correlation algorithm based on attribute similarity is studied, selected and implemented. The collected data are then analyzed to uncover the relationships among them; through clustering, association and merging, high-quality alert information is formed and the redundancy rate among alerts is reduced.
4. The algorithm was simulated using a traffic-rate tool. Preliminary experimental results show that the model effectively reduces repeated alerts and alert redundancy while preserving the integrity of the alert information.
Keywords/Search Tags: Intrusion Detection, Alert Correlation, Similarity, Confidence Measurement
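The aggregation scheme the abstract describes, sketched as an added example that is not code from the thesis: alerts below a confidence floor are filtered out, then merged when a weighted combination of attack-type, time and space membership values passes a threshold. The weights, thresholds, membership functions, alert fields and sample alerts are all assumptions made for illustration, since the abstract does not give them.

```python
from collections import namedtuple
from ipaddress import ip_address

# Assumed values: the abstract gives no weights, thresholds or functions.
TIME_WINDOW = 60.0     # seconds after which time similarity reaches 0
SIM_THRESHOLD = 0.7    # minimum overall similarity needed to merge alerts
MIN_CONFIDENCE = 0.3   # alerts from less credible sensors are filtered out
WEIGHTS = {"type": 0.4, "time": 0.2, "space": 0.4}
TYPE_SIM = {frozenset({"portscan", "hostsweep"}): 0.6}  # related attack classes
Alert = namedtuple("Alert", "sensor attack ts src dst confidence")

def type_sim(a, b):
    return 1.0 if a == b else TYPE_SIM.get(frozenset({a, b}), 0.0)

def time_sim(t1, t2):
    # Triangular membership: 1 at identical timestamps, 0 beyond the window.
    return max(0.0, 1.0 - abs(t1 - t2) / TIME_WINDOW)

def ip_sim(a, b):
    # Fraction of leading bits that two IPv4 addresses share.
    diff = int(ip_address(a)) ^ int(ip_address(b))
    return (32 - diff.bit_length()) / 32

def similarity(x, y):
    space = (ip_sim(x.src, y.src) + ip_sim(x.dst, y.dst)) / 2
    return (WEIGHTS["type"] * type_sim(x.attack, y.attack)
            + WEIGHTS["time"] * time_sim(x.ts, y.ts) + WEIGHTS["space"] * space)

def aggregate(alerts):
    """Drop low-confidence alerts, then greedily merge each alert into the
    cluster whose most recent member it resembles most."""
    clusters = []
    for a in sorted(alerts, key=lambda a: a.ts):
        if a.confidence < MIN_CONFIDENCE:
            continue
        best = max(clusters, key=lambda c: similarity(c[-1], a), default=None)
        if best is not None and similarity(best[-1], a) >= SIM_THRESHOLD:
            best.append(a)
        else:
            clusters.append([a])
    return clusters

# Constructed sample alerts from four hypothetical sensors.
SAMPLE = [
    Alert("ids-a", "portscan", 0.0, "10.0.0.5", "192.168.1.10", 0.9),
    Alert("ids-b", "portscan", 2.0, "10.0.0.5", "192.168.1.10", 0.8),
    Alert("ids-c", "hostsweep", 5.0, "10.0.0.5", "192.168.1.11", 0.7),
    Alert("ids-d", "portscan", 6.0, "10.0.0.5", "192.168.1.10", 0.1),
    Alert("ids-a", "sql-injection", 8.0, "172.16.4.2", "192.168.1.20", 0.9),
]
```

Calling `aggregate(SAMPLE)` reduces the five raw alerts to two meta-alerts: the three scan-related reports merge, the low-confidence report from `ids-d` is filtered out, and the unrelated injection alert stays separate.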