Changes between Version 20 and Version 21 of icasIII

Timestamp:

Jun 9, 2011, 5:32:44 PM (13 years ago)

Author:

waue

Comment:

--

icasIII

@@ -80 +80 @@
 = !IntegrateAlert = 
 
+
  == map output ==
 {{{
@@ -93 +94 @@
 }}}
  
+
+ ||0 攻擊者ip -> 目標ip ||1 嚴重性(1~3, 1最嚴重) ||2 開始日期_時間點~結束日期_時間點 ||3 [分類資訊,...] ||4 [sig_id,...] ||5 [攻擊說明1,攻擊說明2,...] ||6 [目標port1,目標port2, ...] ||7 [偵測裝置編號,...] ||8 "整合總筆數"-"整合分類筆數"-"整合sig_id編號筆數" ||
+
  ==  sample ==
 
@@ -116 +120 @@
 }}}
 
+ = DotGraph = 
+
+{{{
+digraph G { size ="8,0"; node[style=filled,peripheries=2,color="lightskyblue"]; 
+{"140.113.130.221"}->{"0.0.0.0"}[color=red, label="NIDS \n \n[FTP: Format String in Command]"];
+{"140.113.130.221"}->{"phe96.sro.nchc.org.tw"}[color=red, label="NIDS \n \n[FTP: Format String in Command]"];
+{"168.150.177.164"}->{"239.255.255.250"}[color=red, label="NIDS \n \n[SCAN UPnP service discover attempt ]"];
+{"168.150.177.165"}->{"168.150.177.166"}[color=red, label="NIDS \n \n[NETBIOS SMB IPC$ unicode share access ]"];
+{"168.95.1.1"}->{"140.110.104.84"}[color=red, label="NIDS \n \n[UDP PORT SCAN]"];
+{"60.173.26.116"}->{"140.110.127.253"}[color=red, label="NIDS \n \n[TCP SYN]"];
+}
+}}}
+
+
+
+ = 試算結果 = 
+
+ == 06/09 ==
+
+ * 其中 snort 警訊 1081 筆，idp8200 警訊 1000 筆， nk7admin 警訊 1000 筆，共 3081 筆資訊
+
+ * 整合後得 654 筆輸出結果，以及一張攻擊圖，
+
+ * 運算時間為 34 秒
+
+ * 之後會將輸出結果導入資料庫，並且最佳化攻擊圖。