
Intrusion Detection System Alarm Correlation And Related Technology Research

Posted on: 2008-07-12
Degree: Master
Type: Thesis
Country: China
Candidate: Q M Tang
GTID: 2178360245966769
Subject: Computational Mathematics
Abstract/Summary:
With the spread of the Internet and the development and application of information technology, the scope of network information security keeps expanding: from the initial concern with confidentiality to integrity, availability, controllability and non-repudiation, and on to the underlying theory and implementation technology of attack, defense, prevention, detection, control, management, assessment and so on.

Network information security technology covers two main areas: information security and network system security. Information security is based on cryptography and concerns the protection of information in transmission and storage, including confidentiality, integrity and non-repudiation. Network system security involves firewalls, intrusion detection, virus defense, security audit and so on; it is closely related to information security and applies many information security technologies.

Among security technologies, active defense, with intrusion detection as its key technology, is widely favored. But existing intrusion detection systems have many shortcomings: high false-alarm and missed-alarm rates, inability to prevent DDoS attacks, lack of interoperability, lack of an overall view, lack of alarm correlation and so on. These have seriously limited the development and application of intrusion detection systems.

To address these problems, this thesis focuses on the essential technologies of a security early-warning system: the current state and shortcomings of IDS, alarm correlation, and the evaluation of alarm correlation results. The main work is as follows:

1. Summary of the current state and development trends of IDS. Based on a review of the development history of IDS, it analyzes the main technologies and classification of IDS and summarizes the main shortcomings of existing IDS. This provides the foundation for the subsequent research.

2. Distributed alarm correlation framework. Building on existing general correlation analysis frameworks, it proposes a new distributed IDS alarm correlation framework with automatic response. The framework gives special consideration to distributed support, supports automatic response, and has good scalability and deployability.

3. Alarm correlation. It gives a unified classification and definition of the correlations among IDS alarms and builds a mathematical model, with emphasis on filtering and aggregating large volumes of alarm information and on correlating and fusing alarm information. This helps network administrators handle each kind of network intrusion promptly and grasp the security situation of the entire network accurately and promptly, so that they can adopt more effective methods and measures to manage and maintain the network, ensuring that the network provides service securely and stably and reducing or avoiding network failures.

4. Validation of alarm correlation. It discusses how to validate a correlation algorithm, gives the relevant personnel a basis for choosing a correlation algorithm, and allows parameters and related indicators to be adjusted promptly according to the validation results in order to obtain the most accurate result.

Supported by the project "Researching on the DIDS Alarm Correlation based on the Passive Fingerprint Recognition Technology And Data mining" from Hunan Normal University, the work applies the essential technologies of alarm correlation, fusion and validation in the project's practice, and completes the combination and fusion of the security events submitted by distributed IDS agents, together with its validation. This has laid a solid foundation for the approval of the project.
Keywords/Search Tags:Distributing, Intrusion Detection, Alarm Correlation, Correlation Validating