There is a big difference between the IDS alerts from the network backbone and those from the lab, but little work has been done to mine attack models from IDS alerts on the network backbone. The contributions of this paper are three-fold. First, we propose an alert reduction method based on statistical redundancy (RMSR) to reduce alert redundancy. Second, we propose a two-stage clustering algorithm to analyze the spatial and temporal relations in the alert sequences of network intrusion behaviors. Third, we propose a novel approach, Loose Longest Common Subsequence (LLCS), to extract the attack models of network intrusion behaviors. The experimental results show that the reduction approach reduces IDS alert redundancy efficiently, and that the generated attack models have a strong logical relation.
Qiao et al. (Tue,) studied this question.