2 SCHNACKENBERG D,HOLLIDAY H,SMITH R,et al.Cooperative Intrusion Traceback and Response Architecture[A].Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX II'01)[C],2001.
3 TOTH T,KRUEGEL C.Evaluating the impact of automated intrusion response mechanisms[A].Proceedings of 18th Annual Computer Security Application Conference[C].Las Vegas,Nevada,USA,2002.
4 LEE W.Toward Cost-Sensitive Modeling for Intrusion Detection and Response[J].Journal of Computer Security,2002,10(1/2).
5 GULA R.Correlating IDS Alerts with Vulnerability Information[R].Tenable Network Security,2002.
6 STIENNON R.Intrusion Detection Is Dead - Long Live Intrusion Prevention[EB/OL].http://www.sans.org/rr/papers/index.php?id=1028,2003-06-11.
7 CUPPENS F,MIEGE A.Alert Correlation in a Cooperative Intrusion Detection Framework[A].Proceedings of the IEEE Symposium on Security and Privacy[C].Oakland,CA,2002.
8 GOLDMAN RP,HEIMERDINGER W,HARO SA.Information modeling for intrusion report aggregation[A].Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX II)[C],2001.
9 MORIN B,MÉ L,DEBAR H,et al.M2D2:A Formal Data Model for IDS Alert Correlation[A].Proceedings of Recent Advances in Intrusion Detection 2002,LNCS 2516[C].Springer-Verlag,2002.115-137.
10 PORRAS PA,FONG MW,VALDES A.A mission-impact-based approach to INFOSEC alarm correlation[A].Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID)[C],2002.