
The Research Of Intrusion Processing Risk Evaluation System

Posted on: 2011-10-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Qiu
GTID: 2178360302988382
Subject: Computer application technology

Abstract/Summary:
Intrusion detection systems monitor network or system resources to find attacks or acts that violate the security policy, and then raise alerts. They make up for the shortcomings of a firewall, but they also suffer from a high false alarm rate, a high omission rate, many redundant alarms, a limited ability to respond, and so on.

To solve these problems, the concept and framework of intrusion-process risk assessment have been proposed. They take the intrusion process as the main object of assessment and evaluate the harm that current attacks cause to the network and systems, giving security management an accurate assessment of the security situation. This thesis focuses on the alarm correlation and aggregation module of the risk assessment model and on the algorithm of the risk assessment module. The main tasks are as follows.

First, for the alarm information processing module of the intrusion-process-based risk assessment system, the thesis presents an improved, integrated alarm correlation algorithm that combines causal correlation with classification-based similarity aggregation. It reduces the false alarm and omission rates of the alarm information and reduces the large number of duplicate alerts.

Secondly, for the risk assessment module, the thesis studies and proposes a risk assessment model and algorithm at the service, host and network levels. The model makes full use of the alarm information produced by the alarm fusion module to overcome the subjectivity of risk assessment, so that the risk an ongoing intrusion process poses at these three levels can be assessed accurately. This provides an objective basis for later decision-making.

Finally, as an application of these results, the improved algorithm and the proposed model were implemented in C# on .NET and tested on the DARPA 2000 dataset to verify the feasibility and effectiveness of the system and to summarize its performance in various respects, laying a foundation for further improvements.
Keywords/Search Tags: Intrusion detection, Risk assessment, Alert correlation, Alert aggregation, Gradation analysis