
Research On Alarm Correlation Analysis In Large-scale Network Intrusion Detection Systems

Posted on: 2011-04-11
Degree: Master
Type: Thesis
Country: China
Candidate: W C Sun
Full Text: PDF
GTID: 2248330395458263
Subject: Computer software and theory
Abstract/Summary:
Intrusion detection is an important technique for safeguarding network security: it enables active defense and reduces the damage caused by attacks to a minimum. In large-scale networks, intrusions have become coordinated, distributed and so on, and it is hard to detect them relying on a single host or a single network segment alone. Moreover, the alerts generated by an intrusion detection system are not entirely correct. In fact, a great many alerts are duplicates or false alarms; dealing with them costs analysts a lot of time and effort and also wastes system resources.

This thesis presents a data fusion model for large-scale network intrusion detection systems. The model analyses intrusion alert data, extracts the abnormal alarms that correspond to real attacks, and filters out normal alarms in order to reduce both the number of alarms and the false alarm rate. Local warning centers are interconnected with a head warning center, so that data is transmitted and information shared both between systems and within them. This structural model addresses the hidden problem of coordinated or distributed attacks and fits the situation of existing large-scale network intrusion detection systems, which must process massive volumes of alerts.

For the correlation algorithm within the data fusion model, the thesis discusses the shortcomings of the classical correlation algorithm and related algorithms, and presents an improved, more efficient algorithm. The thesis sets out the proposed ideas and detailed steps and checks the validity of the algorithm with a worked example. Simulation experiments are performed using the KDDCup99 data set and the intrusion-detection-specific DARPA99 data set. The experimental results show that the proposed data fusion model and the improved correlation algorithm greatly reduce repeated alarms, lower the false alarm rate and improve the real-time performance of the system.
Keywords/Search Tags: intrusion detection, alarm, data fusion, correlation algorithm