关键词: 网络态势感知, 报警分析, 入侵检测, 相似度

Abstract:

The alert perception of network situation awareness is different from that of the traditional intrusion detection area in particle size, scale, target, and so on. It pays more attention to human understanding. Based on the existing similarity based alert analysis method, a "similarity based macro network alert awareness algorithm" is proposed. It gives a new definition of attribute similarity, and uses an "optimal sequence method" to improve attribute weight setting. Finally, a threshold selection scheme is proposed  based on human instantaneous understanding. The experimental results show that this method can help network managers get the whole awareness of network situation including the time, range, and type of network abnormality.

Key words: network situation awareness;alert analysis;intrusion detection;similarity