Document description: Dissertation, Graduate School of the National University of Defense Technology (国防科学技术大学研究生院学位论文)
ABSTRACT
With the rapid development of the Internet, sharing global resources and information is becoming more and more efficient; meanwhile, it also brings new challenges to network security. Network architectures, distributed application environments, massive storage and broad-bandwidth transport techniques are widely used, and as a result centralized intrusion detection technologies can no longer meet the requirements of network security. Research on the key technologies of distributed IDS in large-scale networks has therefore become an advanced task.
Intrusion detection information sharing and alert information fusion are the key problems of the Network Security Early Warning System based on IDS (NSEWSI); they are also the foundation for analysis, warning and counterattack in the network, and the direction of network security protection architecture. Our research focuses on the key technologies of NSEWSI: a general format for exchanging alert information, and alert fusion. Four major contributions are made in this thesis.
Firstly, the Scheme of Unified Alert Information Format (SUAIF). According to the complex situation of IDS alert information at home and abroad, the general requirements of standardized alert information are studied thoroughly and the content of intrusion detection alerts is analyzed in detail. Based on this, the idea of using a Schema to model alert information is proposed; subsequently, the Alert Information Schema Model (AISM) is constructed and SUAIF is formed and implemented with the Extensible Markup Language (XML). All of these provide the ability to share intrusion detection information among different IDS products and other security equipment.
Secondly, designing the alert correlation model. The definition of five-dimensionality alert information correlation is proposed; based on it, a layered alert information correlation model with a real-time response mechanism is constructed, which can reflect the inferential relation of correlation clearly.