Abstract
The notion of a "plan" from AI (Artificial Intelligence) is introduced into intrusion detection, and a plan recognition model for intrusion detection is built. Plan recognition is implemented with causal alert correlation analysis, based on the prerequisites and consequences of intrusions, together with a Bayesian Network inference model. As a result, key alerts missed because of weaknesses in IDS detection policies and holes in IDS network coverage are recovered, real attack scenarios are reconstructed, the attacker's next action or intrusion intention is predicted, and appropriate responses to those actions are planned.
Source
Journal of Huazhong University of Science and Technology (Natural Science Edition) (《华中科技大学学报(自然科学版)》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals (北大核心)
2004, Issue 3, pp. 80-82 (3 pages)
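Funding
National Information Security Emergency Plan funded project (8633010601)
State Information Security Office funded project (2001研1004)
Wuhan Science and Technology Plan Fund funded project (200101111)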
Keywords
intrusion detection
plan
plan recognition
virtual alert
Bayesian Network