《Microcomputer Information》 2009-03

Off-line Analysis Research and Implementation Based on Drools

XIU Jie-lei, XU Nan-shan, WEI Sheng-jun (Department of Computer Science, School of Information Science, Beijing University of Chemical Technology, Beijing 100029, China; Laboratory of Computer Network Defense Technology, Beijing Institute of Technology, Beijing 100081, China)

Abstract: A kind of off-line analysis based on Drools is proposed as a complement to the real-time analysis of a host detection system. It not only compresses the large quantity of alerts generated by the monitoring system, but also correlates security events across the whole operation procedure. Firstly, a general model is constructed based on the Drools principle. Secondly, the detailed design tactics and the realization of the key technologies are provided. Finally, off-line simulation results using flash memory disk alerts show that the compression rate of alerts is above 9.898% and that the attack (operation) procedure is successfully reconstructed.
【Category Index】 TP393.08
【Citations】
1. Gong Jian, Mei Haibin, Ding Yong, Wei Dehao (Department of Computer Science and Engineering, Southeast University, Nanjing 210096, China; Key Laboratory of Computer Network Technology of Jiangsu Province, Southeast University, Nanjing 210096, China). Multi-feature correlation redundance elimination of intrusion event [J]. Journal of Southeast University (Natural Science Edition), 2005-03.
2. Chen Xiaosu, Yin Hongbin, Xiao Daoju (College of Computer Science & Technology, Huazhong University of Science & Technology, Wuhan 430074, China). The analysis of event correlation in intrusion detection [J]. Journal of Huazhong University of Science and Technology, 2003-04.
3. GUO Shan-qing, YANG Xue-lin, ZENG Ying-pei, XIE Li, GAO Cong (State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093, China; Department of Computer Science and Technology, Nanjing University, Nanjing 210093, China; Department of Computer Science, University of Auckland, Auckland 1020, New Zealand; Research Center of Nandasoft Corporation, Nanjing 210008, China). Survey of the security alerts correlation algorithms [J]. Computer Applications, 2005-10.
4. HU Jun, ZUO Ming, YANG Song. Design and Implementation of Intrusion Detection Alerts Aggregation and Correlation System [J]. Microcomputer Information, 2007-36.