
Research On Alert Fusion Mechanism In Intrusion Detection System

Posted on: 2009-07-06
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhu
Full Text: PDF
GTID: 2178360245970034
Subject: Cryptography

Abstract/Summary:
Recently, the number of network security events has been increasing rapidly with the high-speed development of the Internet. An IDS confronted with an enormous number of events generates a huge number of alerts, many of which are false or redundant. This severely weakens the effectiveness of IDS in practical application. It is therefore very important to fuse the alerts reported by IDS so that the accuracy of the reported network security events is improved.

In this dissertation, the fundamental knowledge of IDS is introduced first, followed by the architecture and implementation of distributed IDS. After that, it focuses on an original data filtration mechanism based on protocol analysis, an intrusion detection alert filtration mechanism based on an expert system, and a primary alert fusion mechanism based on alert class association.

An original data filtration mechanism is proposed to address the high false positive rate of existing IDS. The mechanism employs protocol analysis to filter original data and reduce false alerts. It can be employed in either IPv4 or IPv6 networks.

An alert filtration mechanism is proposed to address the high false positive rate of existing IDS. The mechanism is based on an expert system and employs a knowledge base and a filtration engine to filter original alerts, reduce false alerts and prepare for alert fusion.

A primary alert fusion mechanism is proposed to address the high false positive rate. Building on the alert filtration mechanism and alert class association, it employs an alert classification and association engine to fuse alerts and reduce redundant alerts. The mechanism reduces the false positive rate, and some complicated intrusions can be discovered.

The three alert processing mechanisms above form an organic whole. After the three steps, the false alerts and the redundant alerts are decreased to some extent. Meanwhile, some connections between alerts can be found via the fusion of alerts.
Keywords/Search Tags: network security, IDS, protocol analysis, expert system, alert fusion