| Title | IDEAs: Intrusion Detection and Event Analysis System Based on Data-Mining Approaches |
|---|---|
| Authors | 毛敬豪; 李漢銘; 李育杰; 鮑興國; 邱建益; 林恆生; 羅文揚; 黃秀娟 |
| Journal | 資訊安全通訊 |
| Volume/Issue | 16:3, July 2010 (ROC year 99, July) |
| Pages | 110-126 |
| Classification number | 312.76 |
| Keywords | (none listed) |
| Language | English |
| Abstract (English) | Network intrusions depend heavily on exploiting the victim's vulnerabilities through multiple intrusive actions. However, security experts must inspect a considerable number of events, at heavy cost, to build the knowledge needed to recognize intrusive behavior. In this paper, we propose a data-driven event analysis framework for network intrusion detection systems (NIDSs) based on data mining approaches, without heavy expert involvement. The proposed system enhances the intrusion detection capability of NIDSs by reducing false alarms and correlating the causal relations between different attack steps. We implement the proposed framework, named IDEAs, evaluate it on the DARPA'99 benchmark, and deploy it successfully in a real-world organization. It plugs easily into state-of-the-art open source IDS architectures (e.g. Snort) to help identify attacks and reduce false alarms. This paper presents the IDEAs mechanism, implementation, and experimental evaluation on the DARPA'99 benchmark and on real-world data collected from ChungHwa Telecommunication Laboratories. |
The abstract shown in this record is taken from the abstract of the journal article itself.
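The abstract describes two capabilities layered on top of a Snort-style NIDS, correlating causal relations across attack steps and reducing false alarms, but does not give the algorithm. The block below is an added illustration and is not code from the paper or from IDEAs: it parses Snort `alert_fast` lines, marks a signature as noisy when it dominates the alert volume across many distinct sources (a plain frequency heuristic standing in for the paper's data-mining step; that substitution is an assumption), and links the remaining alerts into chains when consecutive alerts share a source/destination pair or the destination of one step becomes the source of the next within a time window. The alert lines, the local-range SIDs 1000001 to 1000003, the hosts, and the thresholds are all constructed for the example.

```python
"""Correlate Snort alert_fast lines into multi-step attack chains and flag
noisy signatures.  Added illustration; not the IDEAs implementation."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Snort alert_fast layout: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...]
# [Priority: n] {proto} src[:port] -> dst[:port].  Ports are absent for ICMP.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample alerts.  SIDs 1000001-1000003 are made-up local rules;
# 384 is Snort's stock "ICMP PING" signature.
SAMPLE_LINES = [
    "01/15-10:00:01.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.11 -> 192.168.1.10",
    "01/15-10:00:02.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.12 -> 192.168.1.10",
    "01/15-10:00:03.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.13 -> 192.168.1.10",
    "01/15-10:00:04.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.14 -> 192.168.1.10",
    "01/15-10:05:10.000000  [**] [1:1000001:1] LOCAL SCAN SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:41234 -> 192.168.1.10:22",
    "01/15-10:05:11.000000  [**] [1:1000001:1] LOCAL SCAN SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:41235 -> 192.168.1.10:80",
    "01/15-10:12:40.000000  [**] [1:1000002:1] LOCAL WEB shell command in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:41300 -> 192.168.1.10:80",
    "01/15-10:20:05.000000  [**] [1:1000003:1] LOCAL POLICY outbound SSH from web server [**] [Classification: Potential Corporate Privacy Violation] [Priority: 2] {TCP} 192.168.1.10:51000 -> 192.168.1.20:22",
]


def parse_fast_alert(line, year=2010):
    """Return a dict for one alert_fast line, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    # alert_fast omits the year, so the caller supplies it.
    a["ts"] = datetime.strptime(f"{year}/{a['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    a["sid"], a["prio"] = int(a["sid"]), int(a["prio"])
    return a


def noisy_signatures(alerts, share=0.4, min_sources=3):
    """Frequency heuristic (an assumption, not the paper's mining step): a SID
    producing at least `share` of all alerts from at least `min_sources` distinct
    sources is treated as background noise rather than a targeted step."""
    if not alerts:
        return set()
    count = Counter(a["sid"] for a in alerts)
    sources = defaultdict(set)
    for a in alerts:
        sources[a["sid"]].add(a["src"])
    return {sid for sid, n in count.items()
            if n / len(alerts) >= share and len(sources[sid]) >= min_sources}


def correlate_chains(alerts, window=timedelta(minutes=30)):
    """Link time-ordered alerts into chains.  A new alert extends a chain when it
    arrives within `window` of the chain's last step and either hits the same
    src->dst pair (a further step against the same victim) or originates from
    that step's destination (the victim pivoting onward).  Repeats of the same
    SID on the same pair are absorbed into the current step."""
    chains = []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        for chain in chains:
            last = chain[-1]
            if a["ts"] - last["ts"] > window:
                continue
            same_pair = last["src"] == a["src"] and last["dst"] == a["dst"]
            pivot = last["dst"] == a["src"]
            if same_pair and last["sid"] == a["sid"]:
                break                      # duplicate of the current step
            if same_pair or pivot:
                chain.append(a)
                break
        else:
            chains.append([a])
    return chains


def analyze(lines, year=2010):
    """Parse, drop noisy signatures, and return chains of at least two steps."""
    alerts = [a for a in (parse_fast_alert(l, year) for l in lines) if a]
    noisy = noisy_signatures(alerts)
    kept = [a for a in alerts if a["sid"] not in noisy]
    return [c for c in correlate_chains(kept) if len(c) >= 2]


if __name__ == "__main__":
    for chain in analyze(SAMPLE_LINES):
        print(" -> ".join(f"{a['src']}>{a['dst']} [{a['sid']}] {a['msg']}" for a in chain))
```

On the constructed input the four ICMP PING alerts are dropped as noise, the two SYN-probe alerts collapse into one step, and the remaining alerts form a single chain: probe, web-shell attempt, then outbound SSH from the compromised web server to a second host. Real deployments would replace the fixed share threshold with a learned per-signature baseline and would also key the pivot rule on the protocol and port, since a plain destination-equals-source match links unrelated flows on busy hosts.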