
Design And Implementation Of Alerts Correlation Component For Intrusion Detection

Posted on: 2009-04-12
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Wang
Full Text: PDF
GTID: 2178360242490530
Subject: Software engineering

Abstract/Summary:
An Intrusion Detection System (IDS), as an active measure for detecting threats to information security, effectively compensates for the weaknesses of traditional security protection technology. By building a dynamic security cycle, it maximizes security and reduces the threats that could harm the system. Because of the nature of the technology itself, intrusion detection systems based on misuse detection suffer from a high false alert rate. An excessively high false alert rate, together with a large volume of redundant information, overburdens system administrators, so they cannot fully understand the security state of the network and respond appropriately in time. How to re-analyse and re-organize alerts, eliminate redundant alerts and aggregate trivial ones has therefore become an urgent problem in the field of intrusion detection. Driven by these needs, alert correlation technology is being applied to intrusion detection.

In this thesis we analyse several critical problems of distributed intrusion detection. First, we survey the current state of intrusion detection research. Then, based on the intrusion detection system of a certain company, we design and implement an alert correlation component by analysing the system's modules and components; the component is integrated into the original architecture to provide alert correlation analysis and reduce the false alert rate.

Finally, experimental verification with the DARPA 2000 intrusion detection scenario-specific data set LLDOS 1.0 shows that causal alert correlation analysis can effectively reduce the high false alert rate of an intrusion detection system, and that alert information can be displayed graphically in the form of causal relationships, visually revealing the attacker's course of attack and attack strategy.
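As an added illustration of the causal correlation the abstract describes (example code written for this page, not the thesis's component): each alert type carries prerequisite and consequence predicates, repeated alerts are collapsed, and an edge is drawn from an earlier alert to a later one whose prerequisite it satisfies on the same host, so that alerts on no edge stand out as the isolated, likely redundant or false alerts the abstract discusses. The alert types, predicate names, hosts and timestamps below are constructed for the example.

```python
from collections import namedtuple

# Constructed prerequisite/consequence knowledge base for the five stages of an
# LLDOS 1.0-style DDoS scenario; predicate names are this example's own.
KB = {
    "ip_sweep":        ([],                  ["host_alive"]),
    "sadmind_ping":    (["host_alive"],      ["sadmind_present"]),
    "sadmind_exploit": (["sadmind_present"], ["root_access"]),
    "daemon_install":  (["root_access"],     ["ddos_daemon"]),
    "ddos_launch":     (["ddos_daemon"],     ["ddos_traffic"]),
}
Alert = namedtuple("Alert", "ts kind src dst")  # ts in seconds

def deduplicate(alerts, window):
    """Collapse repeats of the same (kind, src, dst) within `window` seconds."""
    kept, last_seen = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.kind, a.src, a.dst)
        if key in last_seen and a.ts - last_seen[key] <= window:
            continue  # redundant repeat of an alert already kept
        last_seen[key] = a.ts
        kept.append(a)
    return kept

def correlate(alerts):
    """Causal edges: an earlier alert's consequence satisfies a later one's prerequisite.
    Predicates describe the victim host, so the later step may target it or be launched from it."""
    alerts = sorted(alerts, key=lambda x: x.ts)
    edges = []
    for j, later in enumerate(alerts):
        needs = set(KB[later.kind][0])
        for earlier in alerts[:j]:
            if earlier.dst in (later.dst, later.src) and needs & set(KB[earlier.kind][1]):
                edges.append((earlier, later))
    return edges

def split_by_chain(alerts):
    """Alerts on a causal edge form attack chains; the rest are isolated noise candidates."""
    linked = {a for edge in correlate(alerts) for a in edge}
    return [a for a in alerts if a in linked], [a for a in alerts if a not in linked]

# Constructed stream: one full chain against 172.16.0.5 (two duplicate repeats) plus
# an unrelated sadmind probe of 172.16.0.9 that has no prior or later step.
RAW_ALERTS = [
    Alert(100, "ip_sweep", "10.0.0.1", "172.16.0.5"),
    Alert(101, "ip_sweep", "10.0.0.1", "172.16.0.5"),
    Alert(250, "sadmind_ping", "10.0.0.7", "172.16.0.9"),
    Alert(300, "sadmind_ping", "10.0.0.1", "172.16.0.5"),
    Alert(420, "sadmind_exploit", "10.0.0.1", "172.16.0.5"),
    Alert(421, "sadmind_exploit", "10.0.0.1", "172.16.0.5"),
    Alert(900, "daemon_install", "10.0.0.1", "172.16.0.5"),
    Alert(1500, "ddos_launch", "172.16.0.5", "203.0.113.9"),
]
```

Running `split_by_chain(deduplicate(RAW_ALERTS, 5))` leaves the five-step chain linked by four edges and reports the lone probe of 172.16.0.9 as isolated; the edge list is the causal graph the abstract proposes displaying.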
Keywords/Search Tags: Intrusion Detection, Causal Relationship, Alert Correlation