Design And Implementation Of Alert Fusion With Expert System Based On Aitificial Neural Expert System

With the development of information technology and networking, more and more people start using the computer. However, the corresponding security issues exposed, and were getting worse. Network attacks, malicious Trojans, virus and so on filled with the entire network, making personal computer information security become one of the focuses that people concern. The emergence of network security management system is a good solution to this problem.Network security management is a management platform for a variety of network security devices, which provides a built-in firewall, intrusion detection systems and anti-virus servers and provides hosts and servers on the LAN with a very good protection. However, the number of alert events produced by various types of equipments is huge, their information is complexity and the rate of false alert is high, all of these make security administrator difficult to analyze and process. Therefore, the fusing and filtering of alerts generated by security devices such as intrusion detection system is very important, it will improve alert handling efficiency of the security administrator.To solve this problem, we propose an alert fusion technology based on neural network expert system. The main content of the work is described below:1.We introduced the classification of the existing intrusion detection systems, domestic and international alert fusion technology, artificial neural networks and expert systems theory and research status, and the basic principles of neural network combining with expert system. 2.We improved BloomFilter algorithm to reduce its error rate to zero. The algorithm was applied to alert information filtering and an alert filtering module based on the algorithm was designed and implemented by Java.3.We proposed a design of alert fusion prototype system based on BloomFilter algorithm combined with neural network expert system theory and implemented this design by using JSP/Servlet/JavaBean technology to effectively improve the alert fusion rate.