
Construction and implementation of multistep attacks alert correlation model

Cited by: 1
Abstract: To reduce the number of alerts in Intrusion Detection Systems (IDS) and uncover attack purposes and motivations, a new alert correlation model was proposed, in which alerts with a similarity relationship were correlated by event correlation and stored as meta-alerts, then transformed into hyper-alerts according to the knowledge base rules, and finally hyper-alerts with a causal relationship were correlated by attack correlation and an attack correlation graph was formed. The experimental results show that the model raises alert processing efficiency and contributes to attack purpose identification and alert accuracy improvement.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal (北大核心), 2011, Issue 5, pp. 1276-1279 (4 pages)
Funding: Key Science and Technology Research Project of Henan Province (0423020300)
Keywords: intrusion detection; alert information; multistep attack; event correlation; hyper alert
