(College of Computer Information Engineering, Jiangxi Normal University, Nanchang 330022)
Design and implementation of distributed IDS alert aggregation model
GUO Fan,YE Jihua,YU Min
(College of Computer Information Engineering, Jiangxi Normal University, Nanchang 330022, China)
Abstract: The article proposes a distributed alert aggregation model composed of local components and network components. Local components transform the raw alerts produced by traditional IDSs into IDMEF-based alerts with a uniform format, which are sent to the network components. Network components aggregate similar alerts into a meta-alert using an aggregation algorithm based on feature-similarity computation. Several kinds of messages are defined to meet the communication needs between the components and to realize information sharing across the whole network. A distributed IDS can be built economically under this model.
Key words: alert; aggregation; similarity ......
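As an added illustration of the two stages the abstract describes (this is not code from the paper), the Python sketch below normalizes two constructed raw alert formats into one IDMEF-like record shape and then merges similar alerts into meta-alerts using a weighted feature-similarity score. The feature set, the weights, the 30-second time window and the 0.8 threshold are assumptions chosen for the example; the paper's own similarity function is not given on this page.

```python
"""Toy IDS alert aggregation: normalize heterogeneous raw alerts into an
IDMEF-like record, then collapse similar alerts into meta-alerts by a
weighted feature-similarity score.  Added illustration only; the
features, weights, window and threshold are assumptions, not the paper's."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample input: two sensors emitting alerts in different raw
# formats (a Snort-style text line and a key/value record).
RAW_SNORT = [
    "[**] ET SCAN Nmap TCP [**] 2024-01-01 10:00:00 10.0.0.5:44321 -> 192.168.1.10:22",
    "[**] ET SCAN Nmap TCP [**] 2024-01-01 10:00:04 10.0.0.5:44322 -> 192.168.1.10:80",
    "[**] ET SCAN Nmap TCP [**] 2024-01-01 10:00:09 10.0.0.5:44323 -> 192.168.1.10:443",
]
RAW_DICT = [
    {"sig": "SSH brute force", "ts": "2024-01-01T10:30:00",
     "src": "203.0.113.7", "dst": "192.168.1.10"},
    {"sig": "ET SCAN Nmap TCP", "ts": "2024-01-01T10:00:06",
     "src": "10.0.0.5", "dst": "192.168.1.10"},
]

SNORT_RE = re.compile(
    r"\[\*\*\] (?P<sig>.+?) \[\*\*\] "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$"
)

# Assumed weights and parameters for the similarity computation.
WEIGHTS = {"classification": 0.4, "source": 0.3, "target": 0.2, "time": 0.1}
TIME_WINDOW = timedelta(seconds=30)
THRESHOLD = 0.8


@dataclass
class Alert:
    """Uniform (IDMEF-like) alert: analyzer, classification, source, target, time."""
    analyzer: str
    classification: str
    source: str
    target: str
    create_time: datetime


@dataclass
class MetaAlert:
    """Several similar alerts collapsed into one record with a time span."""
    classification: str
    source: str
    target: str
    first_seen: datetime
    last_seen: datetime
    members: List[Alert] = field(default_factory=list)


def normalize_snort(line: str) -> Alert:
    """Local component: parse a Snort-style line into the uniform record."""
    m = SNORT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    return Alert("snort-sensor", m["sig"], m["src"], m["dst"],
                 datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))


def normalize_dict(rec: Dict[str, str]) -> Alert:
    """Local component: map a key/value record into the uniform record."""
    return Alert("dict-sensor", rec["sig"], rec["src"], rec["dst"],
                 datetime.fromisoformat(rec["ts"]))


def load_sample_alerts() -> List[Alert]:
    return [normalize_snort(l) for l in RAW_SNORT] + [normalize_dict(r) for r in RAW_DICT]


def similarity(a: Alert, m: MetaAlert) -> float:
    """Weighted match of the alert's features against a meta-alert; 0..1.
    Time contributes linearly, decaying to zero at TIME_WINDOW from the span."""
    score = 0.0
    if a.classification == m.classification:
        score += WEIGHTS["classification"]
    if a.source == m.source:
        score += WEIGHTS["source"]
    if a.target == m.target:
        score += WEIGHTS["target"]
    if m.first_seen <= a.create_time <= m.last_seen:
        gap = timedelta(0)
    else:
        gap = min(abs(a.create_time - m.first_seen), abs(a.create_time - m.last_seen))
    if gap <= TIME_WINDOW:
        score += WEIGHTS["time"] * (1 - gap / TIME_WINDOW)
    return round(score, 6)


def aggregate(alerts: List[Alert], threshold: float = THRESHOLD) -> List[MetaAlert]:
    """Network component: attach each alert to its most similar meta-alert
    when the score reaches the threshold, otherwise open a new meta-alert."""
    metas: List[MetaAlert] = []
    for a in sorted(alerts, key=lambda x: x.create_time):
        best, best_score = None, 0.0
        for m in metas:
            s = similarity(a, m)
            if s > best_score:
                best, best_score = m, s
        if best is not None and best_score >= threshold:
            best.members.append(a)
            best.first_seen = min(best.first_seen, a.create_time)
            best.last_seen = max(best.last_seen, a.create_time)
        else:
            metas.append(MetaAlert(a.classification, a.source, a.target,
                                   a.create_time, a.create_time, [a]))
    return metas


if __name__ == "__main__":
    for meta in aggregate(load_sample_alerts()):
        print(f"{len(meta.members):2d}x {meta.classification} {meta.source} -> "
              f"{meta.target} [{meta.first_seen:%H:%M:%S} .. {meta.last_seen:%H:%M:%S}]")
```

Run stand-alone, the four scan alerts from both sensors collapse into one meta-alert while the unrelated brute-force alert stays on its own; the analyst sees two records instead of five. In a real deployment the weights would be tuned per alert class and the time window bounded so a long-running meta-alert cannot absorb every later alert that shares a source address.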