
Research on credibility and its improved policy for intrusion detection system


【Author】 LU Yang, ZHENG Xiao-yao, BAO Hong-jie

【Institution】 College of Computer and Information, Hefei University of Technology, Hefei 230009, Anhui, China

【Abstract】 Intrusion detection systems play an important role in network security, but the problem of their credibility has never been properly solved and has become a major factor impeding the development of intrusion detection technology. To improve the credibility of intrusion detection systems, a mathematical definition of the degree of credibility is given, and its relationship to the false alarm rate, missed alarm rate and detection rate is clarified. The causes of false alarms are also analyzed. Using Snort as the simulation object, an improved system architecture, a correlation analysis module and an alarm analyzer are proposed, and the three methods of alarm analysis are explained. Finally, the simulation tests of the system and the results of the data analysis are presented.

【Fund】 Natural Science Foundation of Anhui Province (00043115)
  • 【Source】 Computer Engineering and Design, 2007, Issue 01
  • 【Classification code】 TP393.08
  • 【Times cited】 2
  • 【Downloads】 181