3YIN Xiao-xin, YURCIK W, SLAGELL A, The design of visflowcon-nect-IP: a link analysis system for IP security situational awareness [C]//Proc of the 3rd IEEE International Workshop on Information Assurance ( IWIA). 2005 : 141-153.
4BATSELL S G, RAO N S, SHANKAR M. Distributed intrusion detection and attack containment for organizational cyber security [EB/OL]. http://www. ioc. oml. gov/projects/documents/containment. pdf, 2005.
5LEE S, CHUNG B, KIM H, et al. Real-time analysis of intrusion detection alerts via correlation [ J]. Computers & Security, 2006,25 (3) :169-183.
6VALDES A, SLONNER K. Probabilistic alert correlation [ C ]//Proc of the 4th International Symposium on Recent Advances in Intrusion Detection ( RAID 2001 ). London : Springer Verlag, 2001:54- 68.
7MU C, HUANG H, TIAN S. Intrusion detection alert verification based on muhilevel fuzzy comprehensive evaluation [ C ]//Proc of the 2005 International Conference on Computational Intelligence and Security. Berlin : Springer-Verlag, 2005:9-16.
8QIN X, LEE W. Discovering novel attack strategies from INFOSEC alerts [ C ]//Proc of the 9th European Symposium on Research in Computer Security. [ S. l. ] :Sophia Antipolis,2004:439-456.
9STEVEN C, ULF L, MARTIN W F. Modeling multistep cyber attacks for scenario recognition[ C ]//Proc of the 3rd DARPA Information Survivability Conference and Exposition. 2003:284-292.
10BELTON V, GEAR A E. On a shortcoming of Saaty' s method of analytic hierarchies[ J]. Omega, 1983,11:227-230.