
Journal article: An Alert Correlation Method Based on Knowledge Accumulation (基于知识积累的告警相关方法)

Cited by: 1
Abstract: A hacker's intrusion is a gradual, step-by-step process in which information about the target system is accumulated. The more information the attacker has collected about the target, the more likely the next intrusion step is to succeed. Existing alert correlation methods cannot identify intrusion processes that contain branches, nor can they recognize a failed intrusion step as belonging to a particular intrusion process. Addressing these two cases, this paper proposes an alert correlation method based on knowledge accumulation. The method not only identifies more complete intrusion processes but also evaluates the correlation degree of an intrusion process and the result the intrusion achieved.
Source: Computer Science (计算机科学), CSCD, Peking University core journal, 2005, No. 6, pp. 133-136 (4 pages)
Funding: National Natural Science Foundation of China (No. 60273070); National 863 Program (No. 2003AA118201); Hunan Province 2004 Key Science and Technology Project (No. 04gk3022); Dongguan Science Research Development Fund
Keywords: correlation method; knowledge accumulation; alert; target system; correlation degree; intrusion; identification; hacker; Intrusion detection; Alert correlation
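The abstract describes correlation driven by the knowledge an attacker accumulates about a target, with explicit support for branched intrusion processes and for failed steps. The Python sketch below is an added illustration of that idea and is not code from the paper; it follows the prerequisite/consequence style of correlation that the paper's references (Ning et al., Cuppens and Miège) describe. Each alert type is given an assumed set of prerequisite facts and the facts a successful instance adds to the attacker's knowledge about a (source, target) pair; an alert is linked to the earlier alerts that established its prerequisites, its correlation degree is the fraction of prerequisites already backed by accumulated knowledge, a failed step is linked but contributes no knowledge, and the process result is summarised from the highest-ranked fact reached. The rule table, fact names, severity ranking and sample alerts are all constructed assumptions.

```python
"""Illustrative knowledge-accumulation alert correlator (an added example, not the paper's code)."""
from dataclasses import dataclass, field

# Assumed rule table: alert type -> (prerequisite facts, facts gained when the step succeeds).
# Fact names are constructed for this example; they are not the paper's ontology.
RULES = {
    "icmp_sweep":     (set(),              {"host_alive"}),
    "port_scan":      ({"host_alive"},     {"port_open:445", "port_open:80"}),
    "smb_exploit":    ({"port_open:445"},  {"shell"}),
    "web_sqli":       ({"port_open:80"},   {"db_read"}),
    "add_admin_user": ({"shell"},          {"persistence"}),
}

# Assumed severity order used to summarise what a correlated process achieved.
RESULT_RANK = ["host_alive", "port_open:80", "port_open:445", "db_read", "shell", "persistence"]


@dataclass
class Alert:
    aid: int        # alert id
    ts: int         # timestamp (any monotonic unit)
    src: str        # attacker address
    dst: str        # target address
    atype: str      # alert type, key into RULES
    success: bool   # did the sensor judge the step successful?


@dataclass
class Node:
    alert: Alert
    parents: list = field(default_factory=list)  # ids of alerts that established our prerequisites
    degree: float = 0.0                          # share of prerequisites backed by accumulated knowledge


def prereqs_of(atype):
    return RULES.get(atype, (set(), set()))[0]


def correlate(alerts):
    """Replay alerts in time order, accumulating per (src, dst) what the attacker has learned.

    Returns {(src, dst): {"facts": {fact: establishing alert id}, "nodes": [Node, ...]}}.
    """
    state = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        st = state.setdefault((a.src, a.dst), {"facts": {}, "nodes": []})
        prereq, gains = RULES.get(a.atype, (set(), set()))
        satisfied = [f for f in prereq if f in st["facts"]]
        node = Node(a)
        node.parents = sorted({st["facts"][f] for f in satisfied})
        node.degree = 1.0 if not prereq else len(satisfied) / len(prereq)
        st["nodes"].append(node)
        if a.success:  # a failed step stays linked but adds nothing to the attacker's knowledge
            for f in gains:
                st["facts"].setdefault(f, a.aid)  # remember the first alert that established the fact
    return state


def summarize(alerts):
    """Per (src, dst): the process graph, its branch points, failed steps, isolated alerts and outcome."""
    out = {}
    for key, st in correlate(alerts).items():
        nodes = st["nodes"]
        edges = [(p, n.alert.aid) for n in nodes for p in n.parents]
        children = {}
        for p, c in edges:
            children.setdefault(p, []).append(c)
        out[key] = {
            "edges": edges,
            "branch_points": sorted(p for p, cs in children.items() if len(cs) > 1),
            "failed_steps": [n.alert.aid for n in nodes if n.parents and not n.alert.success],
            # alerts whose prerequisites were never observed: candidate false positives or missed earlier steps
            "unlinked": [n.alert.aid for n in nodes if prereqs_of(n.alert.atype) and not n.parents],
            "degree": {n.alert.aid: n.degree for n in nodes},
            "result": max(st["facts"], key=RESULT_RANK.index, default="none"),
        }
    return out


# Constructed sample alerts (not real sensor output): one attacker sweeps and scans, fails an SMB
# exploit, branches into a web attack, retries SMB successfully and persists; a second address
# appears with no prior knowledge of the target.
SAMPLE_ALERTS = [
    Alert(1, 100, "10.0.0.5", "192.168.1.20", "icmp_sweep", True),
    Alert(2, 110, "10.0.0.5", "192.168.1.20", "port_scan", True),
    Alert(3, 120, "10.0.0.5", "192.168.1.20", "smb_exploit", False),
    Alert(4, 130, "10.0.0.5", "192.168.1.20", "web_sqli", True),
    Alert(5, 140, "10.0.0.5", "192.168.1.20", "smb_exploit", True),
    Alert(6, 150, "10.0.0.5", "192.168.1.20", "add_admin_user", True),
    Alert(7, 160, "10.0.0.9", "192.168.1.20", "add_admin_user", True),
]

if __name__ == "__main__":
    for key, s in summarize(SAMPLE_ALERTS).items():
        print(key, s)
```

On the sample, the port scan (alert 2) becomes a branch point with three children (the failed SMB attempt, the web attack and the successful SMB retry), alert 3 is reported as a failed step that still belongs to the process, and alert 7 is left unlinked with degree 0 because nothing in the accumulated knowledge for that source explains it. Keying knowledge on the (source, target) pair is the simplification that makes the example short; a real correlator has to cope with attackers changing source addresses.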
Related literature

References (2)

Secondary references (15 in total; 10 listed here)

  • 1. Li Na, Qin Zheng, Zhang Dafang, Chen Shuyu. A protocol anomaly detection model based on Markov chains (基于Markov Chain的协议异常检测模型). Computer Science, 2004, 31(10): 66-68. Cited by: 6
  • 2. Jin-Min Yang, Da-Fang Zhang, Zheng Qin, et al. WINDAR: A Multithreaded Rollback-Recovery Toolkit on Windows. Proc. of the 10th IEEE Pacific Rim Dependable Computing (PRDC10), 2004.
  • 3. Qin Zheng, Wu Zhong-fu, Xiaofeng Liao, et al. A Network Intrusion Detection Architecture Based on Intelligent Agents. Proc. of the Int'l Conf. on NIT, 2001.
  • 4. Kevin McIntyre. Event Correlation Systems: The New Threat Frontline. SANS Institute, 2003.
  • 5. A. Valdes, K. Skinner. Probabilistic Alert Correlation. Proc. of the 4th Int'l Symp. on Recent Advances in Intrusion Detection (RAID), 2001.
  • 6. Dan Gorton. Extending Intrusion Detection with Alert Correlation and Intrusion Tolerance. Technical Report No. 27L, Department of Computer Science, Chalmers University, 2003.
  • 7. F. Cuppens, A. Miège. Alert Correlation in a Cooperative Intrusion Detection Framework. Proc. of the 2002 IEEE Symp. on Security and Privacy, 2002.
  • 8. P. Ning, D. Reeves, Yun Cui. Correlating Alerts Using Prerequisites of Intrusions. Technical Report TR-2001-13, Department of Computer Science, North Carolina State University, 2001.
  • 9. J. M. Estevez-Tapiador, et al. Stochastic Protocol Modeling for Anomaly Based Network Intrusion Detection. Proc. of the First IEEE Int'l Workshop on Information Assurance (IWIA 2003), 2003.
  • 10. C. Warrender, S. Forrest, B. Pearlmutter. Detecting Intrusions Using System Calls: Alternative Data Models. IEEE Symposium on Security and Privacy, 1999.

Co-cited literature (7)

Literature cited together with this article (4)

  • 1. P. Ning, D. Xu. Learning Attack Strategies from Intrusion Alerts. Proc. of the ACM Conference on Computer and Communications Security (CCS '03), Washington, D.C., October 2003.
  • 2. P. Ning, Y. Cui. An Intrusion Alert Correlator Based on Prerequisites of Intrusions. Technical Report TR-2002-01, Department of Computer Science, North Carolina State University, 2002.
  • 3. P. Ning, D. Reeves, Yun Cui. Correlating Alerts Using Prerequisites of Intrusions. Technical Report TR-2001-13, Department of Computer Science, North Carolina State University, Dec. 2001.
  • 4. A. Valdes, K. Skinner. Probabilistic Alert Correlation. Proc. of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), 2001: 54-68.

Citing literature (1)
