Intrusion Detection System Alarm Integration Of Key Technologies Research

Posted on:2012-04-26

Degree:Master

Type:Thesis

Country:China

Candidate:Q Zhao

Full Text:PDF

GTID:2218330338955726

Subject:Communication and Information System

Abstract/Summary:

PDF Full Text Request

Alarm fusion is the frontier of network security and intrusion detection, in recent years, many domestic and foreign experts'scholars in this field conducted in-depth research and development, making lots of creative theory, and these theories for us to continue research in this field laid the foundation.This thesis work done and the obtained innovation on mainly concentrated in alarm correlation algorithm. It presents a new exponential model correlation algorithm based on the probability density function of interval time of alerts, and an improved fuzzy correlation algorithm for time-series events of network security. Then doing some comprehensive experiments on the two of the newly algorithms.In this paper, we do some deep-going research into the key technology of intrusion detection, after investigating the current situation of network system's security and intrusion detection.There are three key points:alert correlation algorithm, detection system, and normalization of the detection information. Three correlation algorithms are present in this paper. They are Irish Model Correlation Algorithm about the Interval Time (IMCAIT), Fuzzy Correlation Algorithm based on Attribute Similarity Degree (FCAASD), and the Exponential Model Correlation Algorithm about the Interval Time (EMCAIT).This article discusses the theoretical basis and the derivation of these three algorithms above. And the validity of the three algorithms was verified by experiments.The FCAASD Unite with the EMCAIT, which is called United Algorithm. At the last, IMCAIT, EMCAIT and the United Algorithm were compared in the experiments. These experiments were carried out to check out the performance of the three algorithms in terms of the correlation efficiency and the correlation accuracy rate about the specific type alerts. And the United Algorithm performs best among them. At the end of this paper, it summarizes the advantages and the disadvantages of all the algorithms above. Listing some ideas about improve the correlation algorithms and the future research of fusion technology.

Keywords/Search Tags:

Intrusion Detection, Correlation Algorithm, Irish Model, Exponential Model, Probability Density, Fuzzy Correlation, Association Efficiency

PDF Full Text Request

Related items

1	Research On Intrusion Alert Correlation Based On Data Mining And Knowledge Framework
2	Research On Correlated-Analysis Intrusion Detection Technology
3	Research And Implementation Of Intrusion Alerts Correlation Model And Key Technologies
4	Research And Implementation Of Information Network Intrusion Detection And Alert Correlation Technology
5	Track Association Technology In Infrared Multi-target Tracking
6	Research Of The Intrustion Detection Based On Correlation Techniques
7	An Alert Correlation And Analysis Algorithm Of Distributed Intrusion Detector System
8	Investigation On Several Efficient Intrusion Detection Techniques
9	Research On The Advanced Model Of Automated Intrusion Response Based On The Intrusion Prediction
10	Intrusion Detection System Alarm Correlation And Related Technology Research