Abstract
Most attack events do not occur in isolation; some connection exists between them, and this connection can be abstracted as a redundancy relationship and a causal relationship. Most current intrusion detection systems ignore this correlation between events, which exposes a number of problems. To address these problems, and drawing on the basic characteristics of these two kinds of event relationships, a corresponding event correlation analysis method is given.
An event correlation analysis method is introduced based on the characteristics of two kinds of relationships between events: the redundancy relationship and the cause-and-effect relationship. On that basis, the architecture designed for an event correlation analysis apparatus is presented. Practice shows that event correlation can decrease the number of alerts, reduce false alerts and discover high-level attack strategies effectively.
Source
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
PKU Core Journal (北大核心)
2003, Issue 4, pp. 30-33 (4 pages)
Journal of Huazhong University of Science and Technology(Natural Science Edition)