Intrusion alarm analyzing method based on relative entropy

A technology for alarm analysis based on relative entropy, applied in the field of information security, which addresses the problems that existing alarm-analysis approaches are not suitable for engineering applications and that alarms cannot be effectively distinguished

Status: Inactive
Publication Date: 2013-12-11
Assignee: HANGZHOU NORMAL UNIVERSITY
Cites: 3; Cited by: 38

AI Technical Summary

Problems solved by technology

In addition, correlation analysis usually defines alarms as the premise or result of multi-step attacks. However, a large number of alarms are caused by the normal opera



Examples


Embodiment Construction

[0038] The technical solutions of the present invention are described in further detail below with reference to the accompanying drawings and embodiments. The following examples are implemented on the premise of the technical solutions of the present invention and give detailed implementation methods and processes, but the scope of protection of the present invention is not limited to these examples.

[0039] To better understand the method proposed in this embodiment, 17 days of alarms from an intrusion detection system (IDS) deployed on a real network were selected; network anomalies are found from the distribution of alarm features, and the cause of each anomaly is then analysed further. The alarm data set was generated by Snort (version 2.8.3.2) deployed between the internal network and the external network. The data set contains a total of 9,204,735 alarms generated by 332,154 active IP addresses (intranet and extranet included) in 1...



Abstract

The invention relates to an intrusion alarm analysis method based on relative entropy. From the massive alarm stream produced by an intrusion detection system, it evaluates the macroscopic security state of the current network and describes the attack situations that most deserve attention. The method comprises the steps of: obtaining alarms from the intrusion detection system; building a normal parameter baseline over multiple features, together with a tolerance range, from historical data and expert knowledge; applying a threshold detection method based on relative entropy to five features of the intrusion alarm data, namely source IP address, destination IP address, source port, destination port and alarm type; determining that abnormal traffic exists once the alarm stream exceeds the tolerance range of the baseline; and, by mining and analysing the anomalies, helping the network administrator locate a network anomaly rapidly and effectively recognise and report the type of anomaly.
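As an added worked example (not code or data from the patent or from Hangzhou Normal University), the following Python script implements the threshold step described in the abstract and in the technical-field paragraph of the description: relative entropy (Kullback-Leibler divergence) between the current window's distribution of each of the five alarm features and a baseline pooled from historical windows, with a per-feature tolerance taken as the larger of mean + 3 standard deviations of the historical windows' own divergences and an assumed expert-set floor of 0.1 bit. The alert records, the Snort signature names, the smoothing constant and the final scan/flood labelling rule are constructed assumptions for illustration; the patent does not specify them. Two details a practitioner needs that the abstract does not spell out: relative entropy is asymmetric (the window under test is P, the baseline is Q), and a category absent from the baseline gives q(c) = 0 and an infinite divergence, so the distributions are additively smoothed before the divergence is computed.

```python
import math
from collections import Counter
from statistics import mean, pstdev

FEATURES = ("src_ip", "dst_ip", "src_port", "dst_port", "sig")
MIN_TOLERANCE_BITS = 0.1  # assumed expert-set floor; not a value from the patent


def normal_window(w):
    """Constructed 'normal day' w: 120 alerts spread evenly over 20 internal
    sources, 4 servers, 10 client ports, 4 service ports and 3 signatures,
    with a one-alert drift in the signature mix so days are not identical."""
    drift = (w % 3) - 1
    sigs = (["ICMP PING"] * (40 + drift)
            + ["WEB-MISC robots.txt access"] * (40 - drift)
            + ["DNS named version attempt"] * 40)
    return [{"src_ip": "10.0.0.%d" % (i % 20 + 1),
             "dst_ip": "192.168.1.%d" % (i % 4 + 10),
             "src_port": str(1024 + i % 10),
             "dst_port": ("80", "443", "53", "22")[i % 4],
             "sig": sigs[i]} for i in range(len(sigs))]


def scan_window():
    """Constructed anomaly: one new external host sweeps 120 ports on one server."""
    return [{"src_ip": "172.16.5.9", "dst_ip": "192.168.1.10", "src_port": "40000",
             "dst_port": str(p), "sig": "(portscan) TCP Portscan"}
            for p in range(1, 121)]


def distribution(alerts, feature, support, alpha=0.5):
    """Additively smoothed empirical distribution of one feature over `support`.
    Smoothing keeps q(c) > 0 for categories the baseline never saw, which is
    exactly where scans and new attackers show up."""
    counts = Counter(a[feature] for a in alerts)
    total = len(alerts) + alpha * len(support)
    return {c: (counts[c] + alpha) / total for c in support}


def relative_entropy(p, q):
    """D(P || Q) = sum_c p(c) * log2(p(c) / q(c)), in bits. Asymmetric: P is the
    window under test, Q the baseline, so mass on categories rare in Q costs most."""
    return sum(p[c] * math.log2(p[c] / q[c]) for c in p if p[c] > 0)


def feature_divergences(window, baseline):
    """Relative entropy of the window against the baseline for every feature."""
    out = {}
    for f in FEATURES:
        support = {a[f] for a in window} | {a[f] for a in baseline}
        out[f] = relative_entropy(distribution(window, f, support),
                                  distribution(baseline, f, support))
    return out


def build_baseline(history):
    """Pool historical windows into the baseline; set each feature's tolerance to
    mean + 3 sd of the historical windows' own divergence from that pool,
    but never below the expert floor."""
    pooled = [a for w in history for a in w]
    per_feature = {f: [] for f in FEATURES}
    for w in history:
        for f, d in feature_divergences(w, pooled).items():
            per_feature[f].append(d)
    tolerance = {f: max(mean(v) + 3 * pstdev(v), MIN_TOLERANCE_BITS)
                 for f, v in per_feature.items()}
    return pooled, tolerance


def entropy_bits(alerts, feature):
    """Shannon entropy of one feature, used to say how a flagged feature changed."""
    n = len(alerts)
    return -sum(c / n * math.log2(c / n)
                for c in Counter(a[feature] for a in alerts).values())


def analyse(window, pooled, tolerance):
    """Flag features whose divergence exceeds tolerance and describe each as more
    concentrated or more dispersed than the baseline. The scan/flood labels are
    an illustrative heuristic layered on top, not a rule taken from the patent."""
    div = feature_divergences(window, pooled)
    flagged = {}
    for f in FEATURES:
        if div[f] > tolerance[f]:
            flagged[f] = ("concentrated"
                          if entropy_bits(window, f) < entropy_bits(pooled, f)
                          else "dispersed")
    label = "normal"
    if flagged:
        label = "unclassified"
        if flagged.get("src_ip") == "concentrated" and flagged.get("dst_port") == "dispersed":
            label = "port scan"
        elif flagged.get("src_ip") == "dispersed" and flagged.get("dst_ip") == "concentrated":
            label = "flood"
    return {"divergence": div, "flagged": flagged, "label": label}


if __name__ == "__main__":
    pooled, tol = build_baseline([normal_window(w) for w in range(5)])
    for name, win in (("day 6 (normal)", normal_window(5)), ("day 7 (scan)", scan_window())):
        r = analyse(win, pooled, tol)
        print(name, r["label"], {f: round(v, 3) for f, v in r["divergence"].items()}, r["flagged"])
```

Run as a script, the normal sixth day stays within tolerance on every feature, while the scan day shows divergences of several bits on src_ip and dst_port: src_ip has collapsed to a single value and dst_port has spread over many values the baseline never saw, which is the shape the heuristic labels as a port scan. On real Snort output the source port of normal client traffic is an ephemeral port and will look "dispersed" every window, so that feature needs either bucketing or a much looser tolerance than the other four.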

Description

technical field
[0001] The invention relates to an intrusion alarm analysis method based on relative entropy, and in particular to a method for large-scale network intrusion detection systems that uses relative entropy theory to monitor, manage and analyse massive network alarm data in real time. It belongs to the field of information security technology.

Background technique
[0002] An intrusion detection system (IDS) inspects network traffic in real time, monitors network behaviour, and raises timely alarms on, and protects against, traffic that violates security policy. It is an effective means of addressing computer network security problems. However, current intrusion detection systems suffer from problems such as an excessive volume of alarm information and a high false-alarm rate; a large share of the alarms is caused by the normal behaviour of users on the network. Administrators of large-scale networks, faced with hundreds of millions of alarms, urgently need intrusion alarm auxi...


Application Information

IPC(8): H04L29/06
Inventors: 刘雪娇, 夏莹杰, 任婧
Owner HANGZHOU NORMAL UNIVERSITY