-
1.发明授权Apparatus and method for improving detection performance of intrusion detection system 有权提高入侵检测系统检测性能的装置和方法公开(公告)号:US09275224B2
公开(公告)日:2016-03-01
申请号:US14338917
申请日:2014-07-23
发明人: NamHoon Lee , Seokwon Lee , Soonjwa Hong , TaekKyu Lee , KyuCheol Jung , Geunyong Kim , Hyung Geun Oh , Ki Wook Sohn
CPC分类号: G06F21/554 , H04L63/1408
摘要: An apparatus for improving detection performance of an intrusion detection system includes a transformed detected data generation unit for changing original detected data, detected based on current detection rules, to transformed detected data complying with transformed detected data standard. A transformed detected data classification unit classifies the transformed detected data by attack type, classifies transformed detected data for attack types by current detection rule, and classifies transformed detected data for detection rules into true positives/false positives. A transformed keyword tree generation unit generates a true positive transformed keyword tree and a false positive transformed keyword tree. A true positive path identification unit generates a true positive node, and identifies a true positive path connecting a base node to the true positive node in the true positive transformed keyword tree. A true positive detection pattern generation unit generates a true positive detection pattern based on the true positive path.
摘要翻译: 用于提高入侵检测系统的检测性能的装置包括:变换检测数据生成单元,用于将根据当前检测规则检测到的原始检测数据改变为符合变换后的检测数据标准的变换检测数据。 经变换的检测数据分类单元通过攻击类型对经变换的检测数据进行分类,根据当前检测规则对转换后的检测数据进行分类,将检测规则的变换检测数据分类为真阳性/假阳性。 变换关键字树生成单元生成真正变换关键词树和假正变换关键字树。 真正的正路径识别单元生成真正的正节点,并且识别在真正的正变换关键词树中连接基本节点与真正的正节点的真正的正路径。 真正的检测图案生成单元基于真正的正路径生成真正的检测图案。
搜索结果
1 条记录 (耗时 0.016 秒)
