| 基于攻击图的多源告警关联分析方法 |
| |
| 引用本文: | 刘威歆,郑康锋,武 斌,杨义先.基于攻击图的多源告警关联分析方法[J].通信学报,2015,36(9):135-144. |
| |
| 作者姓名: | 刘威歆 郑康锋 武 斌 杨义先 |
| |
| 作者单位: | 北京邮电大学 信息安全中心,北京 100876 |
| |
| 基金项目: | 国家自然科学基金资助项目(61101108) |
| |
| 摘 要: | 现有基于攻击图(attack graph)的告警关联分析方法难以全面处理告警关联关系,同时,漏报推断和告警预测带来大量冗余路径误报。针对以上问题提出了基于攻击图的多源告警关联分析算法,能够综合应用图关系和阈值限制进行联动推断和预测,达到更为全面解决攻击图中的告警漏报和减少误报数量的目的。同时,将告警处理算法并行化,提出了AG-PAP告警并行处理引擎。实验表明,该方法能够提升关联分析的有效性和性能表现。
|
| 关 键 词: | 告警关联 攻击图 多源分析 并行处理 |
Alert processing based on attack graph and multi-source analyzing |
| |
| Wei-xin LIU,Kang-feng ZHENG,Bin WU,Yi-xian YANG.Alert processing based on attack graph and multi-source analyzing[J].Journal on Communications,2015,36(9):135-144. |
| |
| Authors: | Wei-xin LIU Kang-feng ZHENG Bin WU Yi-xian YANG |
| |
| Affiliation: | Information Security Centre,Beijing University of Posts and Telecommunications,Beijing 100876,China |
| |
| Abstract: | Current attack graph-based alert correlation cannot deal with graph relation between alerts properly, and a large number of redundant attack paths may arise when trying to find out missing alerts and predict future attacks. A multi-source alert analyzing method was proposed, fully utilizing graph relation and threshold to correlate mapped alerts and eventually reduce false positive rate as well as true negative rate. To improve the speed of the algorithm, a parallel alert processing system (AG-PAP) was proposed. AG-PAP is tested on distributed environment which gets satisfied effectiveness and performance. |
| |
| Keywords: | alert correlation attack graph multi-source analyzing parallel processing |
|
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
