
Research And Implementation Of Alerts Correlation Approach Based On Data Mining

Posted on: 2007-07-05
Degree: Master
Type: Thesis
Country: China
Candidate: J M Tao
Full Text: PDF
GTID: 2178360212459259
Subject: Software engineering
Abstract/Summary:
In recent years, as networks have spread, cyber attacks and illegal access have increased rapidly, making network security an ever more serious problem. Intrusion detection systems (IDS) are regarded as the second line of defense of a computer system: they reduce the risk of intrusion and protect system resources and data from unauthorized access. However, traditional intrusion detection systems have three limitations: the volume of alarms keeps growing, the false alarm rate stays high, and the alarm messages are too fragmented. As a result, system administrators cannot cope with the load, cannot understand and master the security situation of the network, and fail to respond correctly. How to re-analyze and reorganize alerts, remove redundant alerts and merge fragmented alerts has therefore become an urgent problem, and alert correlation and analysis has become the focus of research in this field.

This paper first reviews IDS technology and alert correlation technology in general and summarizes the current achievements at home and abroad. After analyzing the limitations of the existing correlation methods, it proposes a new method that uses data mining to discover the rules among alarm attributes and among alarms.

The paper then presents the design and implementation of an alarm correlation system based on data mining. The system consists of two parts:
1. Transverse correlation among alarms. The system finds the correlations among alarms, derives the rules between alarms, and translates those rules into corresponding actions that eliminate alarm redundancy.
2. Longitudinal correlation among alarms. The system finds the correlations among alarms, derives the rules governing their timing, and consolidates the alarms that occur at the same time.

Finally, experiments are carried out to test the system, showing that it reduces both the volume of alarms and the false alarm rate.
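The two-stage pipeline the abstract describes, as an added illustration that is not code from the thesis: the transverse stage mines frequent attribute combinations from the alert stream and uses them as rules to collapse redundant alerts, and the longitudinal stage consolidates same-pattern alerts that fall within one time window. The alert fields, the support and window thresholds, and the sample alerts are constructed assumptions, not values from the thesis.

```python
from collections import Counter

# Constructed sample alerts (not from the thesis); ts = seconds since the first alert.
ALERTS = [
    {"ts": 0, "sig": "SCAN", "src": "10.0.0.5", "dst": "10.0.1.9", "dport": 22},
    {"ts": 1, "sig": "SCAN", "src": "10.0.0.5", "dst": "10.0.1.9", "dport": 23},
    {"ts": 2, "sig": "SCAN", "src": "10.0.0.5", "dst": "10.0.1.9", "dport": 80},
    {"ts": 3, "sig": "SCAN", "src": "10.0.0.5", "dst": "10.0.1.9", "dport": 443},
    {"ts": 60, "sig": "SCAN", "src": "10.0.0.5", "dst": "10.0.1.9", "dport": 8080},
    {"ts": 5, "sig": "SQLI", "src": "10.0.0.7", "dst": "10.0.1.9", "dport": 80},
    {"ts": 7, "sig": "SQLI", "src": "10.0.0.7", "dst": "10.0.1.9", "dport": 80},
    {"ts": 9, "sig": "WEBSHELL", "src": "10.0.0.8", "dst": "10.0.1.9", "dport": 80},
]
KEY = ("sig", "src", "dst")  # attributes the transverse rules are mined over (assumed)

def mine_patterns(alerts, min_support=2):
    """Transverse correlation, step 1: frequent attribute combinations are the rules."""
    counts = Counter(tuple(a[k] for k in KEY) for a in alerts)
    return {p: n for p, n in counts.items() if n >= min_support}

def transverse_correlate(alerts, patterns):
    """Transverse correlation, step 2: alerts that match a rule and agree on every
    attribute are redundant and collapse into one record; the rest pass through."""
    out = {}
    for i, a in enumerate(alerts):
        key = tuple(a[k] for k in KEY)
        ident = key + (a["dport"],) if key in patterns else ("unique", i)
        rec = out.setdefault(ident, {"key": key, "first": a["ts"], "last": a["ts"],
                                     "count": 0, "dports": set()})
        rec["first"], rec["last"] = min(rec["first"], a["ts"]), max(rec["last"], a["ts"])
        rec["count"] += 1
        rec["dports"].add(a["dport"])
    return list(out.values())

def longitudinal_correlate(records, window=30):
    """Longitudinal correlation: consolidate same-key records within `window` seconds."""
    out = []
    for r in sorted(records, key=lambda rec: rec["first"]):
        prev = next((o for o in reversed(out) if o["key"] == r["key"]), None)
        if prev is not None and r["first"] - prev["last"] <= window:
            prev["last"] = max(prev["last"], r["last"])
            prev["count"] += r["count"]
            prev["dports"] |= r["dports"]
        else:
            out.append(dict(r, dports=set(r["dports"])))  # copy so inputs stay intact
    return out

def correlate(alerts, min_support=2, window=30):
    """Full pipeline; on the sample data 8 raw alerts become 4 consolidated records."""
    patterns = mine_patterns(alerts, min_support)
    return longitudinal_correlate(transverse_correlate(alerts, patterns), window)
```

The SCAN alert at ts=60 stays a separate record because it falls outside the 30-second window of the earlier burst, which is the edge the longitudinal stage has to respect.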
Keywords/Search Tags:Intrusion detection, alert correlation, False positive rate