摘要
报警关联技术分析不同安全产品产生的报警,从中识别出真正有意义的攻击警报,并减少大量的误报警,降低安全管理员的工作量。该文介绍了报警关联的基本模型和主要技术,分析了主要的关联方法,探讨了报警关联技术的发展方向。这些讨论对应用或发展报警关联技术都有参考价值。
Many intrusion detection technologies are complementary to each other. The alert correlation technology analyzes alerts generated from different security products, so that false alerts are greatly reduced, real attacks are more easily discerned, accordingly, the work load on system administrators is largely released. Herein, basic models and technologies of alert correlation are discussed. Important correlation algorithms are analyzed; and development tendencies of alert correlation technologies are also predicted.
出处
《计算机工程》
CAS
CSCD
北大核心
2007年第17期173-175,共3页
Computer Engineering
基金
重庆自然科学基金(9111)
重庆市教委科学技术研究项目(040509)
重庆自然科学基金资助重点项目(2005BA2003)
关键词
入侵检测
报警关联
网络安全
intrusion detection
alert correlation
network security