Abstract
As network attacks grow increasingly sophisticated, large numbers of security devices are deployed in networks. While they protect the network, they also pose new challenges for network administrators' analysis work: selecting the useful information from the massive volume of data these devices generate, and reconstructing the attack scenario from it, is difficult to accomplish by manual effort alone. Network security alert correlation techniques emerged in response. After analyzing several traditional security alert correlation system architectures, this article focuses on several currently popular network security alert correlation methods and analyzes their advantages and disadvantages.
Source
Computer Knowledge and Technology (《电脑知识与技术》), 2009, Issue 6X, pp. 4928-4930 (3 pages)
Keywords
architecture
intrusion detection
network security alert
correlation analysis