| 通过关联报警重建攻击场景 |
| |
| 引用本文: | 廖晓勇,戴英侠. 通过关联报警重建攻击场景[J]. 计算机工程与应用, 2006, 42(5): 117-120,124 |
| |
| 作者姓名: | 廖晓勇 戴英侠 |
| |
| 作者单位: | 中国科学院研究生院信息安全国家重点实验室,北京,100039;中国科学院研究生院信息安全国家重点实验室,北京,100039 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划);科技部科研项目 |
| |
| 摘 要: | 论文提出一系列的技术来整合两种互补型的报警关联方法:基于报警属性之间的相似性(聚类关联),和基于攻击的因果关系(因果关联)。尤其是根据入侵报警间的因果关系和它们需要满足的等同约束关系来假设和推理可能被IDSs漏报的攻击,同时使用一定的方法来整理假设的攻击重建更简单更可信的攻击场景。
|
| 关 键 词: | 聚类关联 因果关联 假设攻击 等同约束 |
| 文章编号: | 1002-8331-(2006)05-0117-04 |
| 收稿时间: | 2005-09-01 |
| 修稿时间: | 2005-09-01 |
Rebuilding Attack Scenarios through Correlating Alerts |
| |
| Liao Xiaoyong,Dai Yingxia. Rebuilding Attack Scenarios through Correlating Alerts[J]. Computer Engineering and Applications, 2006, 42(5): 117-120,124 |
| |
| Authors: | Liao Xiaoyong Dai Yingxia |
| |
| Affiliation: | State Key Laboratory of Information Security,Graduate School,Chinese Academy of Sciences, Beijing 100039 |
| |
| Abstract: | This paper presents some techniques to integrate two complementary types of alert correlation methods:those based on the similarity between alert attributes(clustering correlation),and those based on causal correlation of attacks (causal correlation).Especially,this paper presents techniques to hypothesize and reason about attacks possibly missed by IDSs based on the equality constrain and causual relation between intrusion alerts they must satisfy.At the same time, this page uses the certain method to consolidate the hypothesized attacks in order to rebuild more simple and creditable attack scenarios. |
| |
| Keywords: | clustering correlation causal correlation hypothesize attack equality constraint |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
