
The Research Of Repository Of Alert Correlation Based On Ontology

Posted on: 2009-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: R Li
Full Text: PDF
GTID: 2178360242989494
Subject: Computer application technology

Abstract/Summary:
With the development of the Internet, computer network security has become a question of growing concern. To enhance the security of computer networks, people have adopted many security technologies, including encryption, identity recognition and access control. With the development of intrusion detection technology, the IDS (Intrusion Detection System) has become an important component of network security systems. An IDS may consist of four parts: alert fusion, alert correlation, risk assessment and response strategy. Alert correlation plays a key role in network security, since it provides the necessary data for risk assessment and response strategy.

Intrusion alert correlation analyses the security information carried by intrusion alerts and aims at combining and interpreting that information; its objective is to identify the attack plan and reconstruct the attack scene. In this paper, I explain how ontology knowledge can be used for alert correlation and make a preliminary study of it.

In this paper, we deeply analyse the architecture, data sources and detection technology of present IDSs. We research alert management in a distributed intrusion detection environment; the main content is as follows:

1) A model of the alert correlation knowledge database is introduced, and its architecture and functionality are described completely. I also make some amendments to it.
2) The model is built using ontology tools and contains logic information. For convenience, this model does not include all attacks.
3) The model built before is reasoned over. Reasoning tools can be used to check the model's consistency and avoid logical inaccuracy, so as to provide data for the other modules.
4) The model is reasoned over by programming. After that, the result can be converted to other formats. If this is done well, it can be used by all kinds of IDS.
5) The summary of this paper. After analysing the reasoning result, I arrange my next work.
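The abstract's steps 2 to 4 (build an ontology of alert knowledge, check it for consistency with a reasoner, then reason over it programmatically and export the result in another format) are illustrated below by a deliberately small, hand-rolled reasoner. This is an added example, not the thesis's own model or code, and it does not use an OWL toolchain: the class hierarchy, the disjointness axiom, the `PREPARES_FOR` rule and the four sample alerts are all constructed for illustration. The consistency check flags an alert asserted to be both an attack and benign traffic; the correlation step links alerts whose inferred phases stand in the prepares-for relation on the same source/target pair.

```python
"""Miniature ontology-based alert correlation with a consistency check.

Added example (not from the thesis). The ontology, rule and alerts below
are constructed; a real system would load an OWL model and use a reasoner.
"""
import json
from collections import defaultdict

# --- Constructed ontology: subClassOf edges (child -> parent) ---
SUBCLASS_OF = {
    "PortScan": "Reconnaissance",
    "ServiceProbe": "Reconnaissance",
    "BufferOverflowAttempt": "Exploitation",
    "LoginFailureBurst": "Exploitation",
    "Reconnaissance": "Attack",
    "Exploitation": "Attack",
    "BenignTraffic": "Event",
    "Attack": "Event",
}
# Disjointness axioms: no individual may belong to both classes of a pair.
DISJOINT = {frozenset({"Attack", "BenignTraffic"})}
# Domain rule (constructed): which attack phase typically precedes which.
PREPARES_FOR = {"Reconnaissance": "Exploitation"}


def ancestors(cls):
    """Transitive closure of subClassOf, including cls itself."""
    out = {cls}
    while cls in SUBCLASS_OF:
        cls = SUBCLASS_OF[cls]
        out.add(cls)
    return out


def infer_types(alert):
    """All classes an alert belongs to, asserted or inferred via subClassOf."""
    types = set()
    for t in alert["types"]:
        types |= ancestors(t)
    return types


def check_consistency(alerts):
    """Step 3: return (alert_id, classA, classB) for every disjointness violation."""
    violations = []
    for a in alerts:
        inferred = infer_types(a)
        for pair in DISJOINT:
            if pair <= inferred:
                x, y = sorted(pair)
                violations.append((a["id"], x, y))
    return violations


def phase_of(alert):
    """The attack phase (direct subclass of Attack) an alert falls under, or None."""
    for t in infer_types(alert):
        if SUBCLASS_OF.get(t) == "Attack":
            return t
    return None


def correlate(alerts):
    """Step 4: link (earlier, later) alert pairs with the same (src, dst) whose
    inferred phases satisfy PREPARES_FOR. Returns a list of (id_a, id_b)."""
    by_key = defaultdict(list)
    for a in alerts:
        by_key[(a["src"], a["dst"])].append(a)
    links = []
    for group in by_key.values():
        group.sort(key=lambda a: a["ts"])
        for i, a in enumerate(group):
            pa = phase_of(a)
            for b in group[i + 1:]:
                if pa and PREPARES_FOR.get(pa) == phase_of(b):
                    links.append((a["id"], b["id"]))
    return links


def to_json(alerts):
    """Export the reasoning results in another format (here JSON) for other modules."""
    return json.dumps({"violations": check_consistency(alerts),
                       "links": correlate(alerts)}, sort_keys=True)


# Constructed sample alerts, already normalised from IDS output into dicts.
ALERTS = [
    {"id": "a1", "ts": 100, "src": "10.0.0.5", "dst": "10.0.0.20", "types": ["PortScan"]},
    {"id": "a2", "ts": 160, "src": "10.0.0.5", "dst": "10.0.0.20", "types": ["BufferOverflowAttempt"]},
    {"id": "a3", "ts": 170, "src": "10.0.0.9", "dst": "10.0.0.20", "types": ["LoginFailureBurst"]},
    # Inconsistent assertion: tagged both as a probe (an Attack) and as benign.
    {"id": "a4", "ts": 200, "src": "10.0.0.7", "dst": "10.0.0.21", "types": ["ServiceProbe", "BenignTraffic"]},
]

if __name__ == "__main__":
    print(to_json(ALERTS))
```

Running the block prints one JSON document containing the single disjointness violation (`a4`) and the single correlated pair (`a1` followed by `a2`); `a3` shares the target but not the source, so it is left unlinked, which is the kind of decision a richer ontology (for example, a class of distributed attacks) would revisit.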
Keywords/Search Tags: Network Security, Intrusion Detection, Alert Correlation, Ontology, Reason