
Two-Stage Algorithm for Correlating the Intrusion Alerts

Abstract: To address the problems of alert flooding and poor information semantics in existing Intrusion Detection Systems (IDS), we present a two-stage algorithm for correlating alerts. In the first stage, raw alerts are integrated into high-level alerts using Chronicle patterns based on time intervals, which describe the alerts and match them against the temporal constraints of an input sequence. In the second stage, a "preparing" relationship between the high-level alerts (one high-level alert preparing the ground for another) is defined and applied to correlate them, and the attack scenario is constructed by drawing the attack graph. Finally, a worked example shows the performance of this two-stage correlation algorithm in reducing the number, and improving the information semantics, of the intrusion alerts produced by the IDS.
Source: Wuhan University Journal of Natural Sciences (武汉大学学报 自然科学英文版), indexed in EI and CAS, 2005, No. 1, pp. 89-92 (4 pages).
Funding: Supported by the National Natural Science Foundation of China (90204012) and the Hi-Tech Research and Development Program of China (2002AA143021).
Keywords: intrusion detection; alert correlation; partial ordering
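To make the two stages in the abstract concrete, the following is an added example written for this page; it is not the paper's implementation and does not reproduce its Chronicle model. It assumes a simplified chronicle (an ordered tuple of alert kinds with a minimum/maximum time gap between consecutive events), a hypothetical "prepares" relation between high-level alert types, and a constructed raw alert stream with hypothetical signature names such as SYN_SCAN and RPC_OVERFLOW. Stage 1 folds raw alerts that share source and destination into high-level alerts when they satisfy a chronicle's temporal constraints; stage 2 links high-level alerts whose types stand in the prepares relation, target the same victim, and occur in order, yielding the attack-graph edges (a partial order) that form the scenario.

```python
"""Two-stage alert correlation sketch.

Added example, not the paper's code.  Chronicle patterns, the 'prepares'
relation and the alert stream are all constructed for illustration.
Stage 1 reduces raw alert volume by matching chronicles with time-gap
constraints; stage 2 orders the resulting high-level alerts into an
attack graph via a 'prepares' relation.
"""
from collections import defaultdict, namedtuple

Alert = namedtuple("Alert", "t kind src dst")            # raw IDS alert (t in seconds)
Chronicle = namedtuple("Chronicle", "name events gaps")  # events in order, gaps=(min,max) between them
HighAlert = namedtuple("HighAlert", "name src dst t_start t_end")

# Constructed chronicle patterns (hypothetical signature names).
CHRONICLES = [
    Chronicle("PortScan", ("SYN_SCAN", "SYN_SCAN", "SYN_SCAN"), ((0, 5), (0, 5))),
    Chronicle("RPCExploit", ("RPC_PROBE", "RPC_OVERFLOW"), ((0, 60),)),
    Chronicle("BackdoorUse", ("SHELL_LISTEN", "SHELL_CONNECT"), ((0, 300),)),
]

# Constructed 'prepares' relation: (earlier high-level type, type it prepares for).
PREPARES = {("PortScan", "RPCExploit"), ("RPCExploit", "BackdoorUse")}


def _match_from(seq, start, chronicle, used):
    """Try to instantiate `chronicle` with seq[start] as its first event.

    `seq` is sorted by time and `used` holds indices already consumed by
    earlier matches.  Returns the matched indices, or None.
    """
    if start in used or seq[start].kind != chronicle.events[0]:
        return None
    idx = [start]
    for k in range(1, len(chronicle.events)):
        lo, hi = chronicle.gaps[k - 1]
        prev_t = seq[idx[-1]].t
        found = None
        for j in range(idx[-1] + 1, len(seq)):
            dt = seq[j].t - prev_t
            if dt > hi:
                break  # sorted by time: no later alert can satisfy the max gap
            if j not in used and seq[j].kind == chronicle.events[k] and dt >= lo:
                found = j
                break
        if found is None:
            return None
        idx.append(found)
    return idx


def recognize(alerts, chronicle):
    """Stage 1: fold raw alerts matching `chronicle` into high-level alerts."""
    groups = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.t):
        groups[(a.src, a.dst)].append(a)  # correlate only within one attacker/victim pair
    high = []
    for (src, dst), seq in groups.items():
        used = set()
        for i in range(len(seq)):
            idx = _match_from(seq, i, chronicle, used)
            if idx:
                used.update(idx)
                high.append(HighAlert(chronicle.name, src, dst, seq[idx[0]].t, seq[idx[-1]].t))
    return high


def correlate(high):
    """Stage 2: edges (h1, h2) where h1 prepares for h2 on the same victim, in time order."""
    return [
        (h1, h2)
        for h1 in high
        for h2 in high
        if (h1.name, h2.name) in PREPARES and h1.dst == h2.dst and h1.t_end <= h2.t_start
    ]


def two_stage(alerts):
    """Run both stages; return (high-level alerts sorted by start time, attack-graph edges)."""
    high = [h for c in CHRONICLES for h in recognize(alerts, c)]
    high.sort(key=lambda h: (h.t_start, h.name))
    return high, correlate(high)


# Constructed raw alert stream: one intrusion against 10.0.0.9 plus two unrelated
# scans from 10.0.0.7 whose 48 s gap violates the PortScan chronicle's 5 s bound.
SAMPLE_ALERTS = [
    Alert(1, "SYN_SCAN", "10.0.0.5", "10.0.0.9"),
    Alert(2, "SYN_SCAN", "10.0.0.5", "10.0.0.9"),
    Alert(3, "SYN_SCAN", "10.0.0.5", "10.0.0.9"),
    Alert(20, "RPC_PROBE", "10.0.0.5", "10.0.0.9"),
    Alert(40, "RPC_OVERFLOW", "10.0.0.5", "10.0.0.9"),
    Alert(45, "SHELL_LISTEN", "10.0.0.5", "10.0.0.9"),
    Alert(100, "SHELL_CONNECT", "10.0.0.5", "10.0.0.9"),
    Alert(2, "SYN_SCAN", "10.0.0.7", "10.0.0.9"),
    Alert(50, "SYN_SCAN", "10.0.0.7", "10.0.0.9"),
]

if __name__ == "__main__":
    high, edges = two_stage(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(high)} high-level alerts")
    for h1, h2 in edges:
        print(f"{h1.name} prepares for {h2.name} against {h2.dst}")
```

On the constructed stream, nine raw alerts collapse to three high-level alerts (PortScan, RPCExploit, BackdoorUse) and two edges, which is the volume reduction and semantic lift the abstract claims; the two isolated scans from 10.0.0.7 fail the time-gap constraint and produce nothing. A real deployment would need chronicles per signature family and a prepares relation derived from the IDS rule set, and would have to cope with alerts whose source address is spoofed or whose victim changes across stages, which this sketch does not attempt.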
