安全报警事件关联算法研究

已经获得广泛应用的防火墙、IDS、防病毒软件等安全设备在运行过程中会产生大量独立的、原始的报警信息，这些报警信息除了具有海量的特点外，还有比较高的误报率和漏报率，导致用户难于对攻击及时做出响应。利用关联分析的方法对海量报警事件进行分析并提取攻击场景是解决此问题的基本手段。通过简单的分类综述了安全领域中报警事件关联算法的研究现状，并指出了需要进一步研究的问题。

Survey of the security alerts correlation algorithms

security devices(e.g.firewalls,IDS's,anti-virus tools etc) that have been widely adopted in enterprise environments may generate huge amounts of independent,raw attack alerts,which are characterized by high false positive ratio and false negative ratio.As a result,it is difficult for users to understand these alerts and respond correspondingly.Therefore,handling the huge number of alerts produced by security devices is becoming a critical and challenging task in network security research.A general approach for solving this problem is to do some correlation analysis with these alerts and build attack scenario.A general survey of the contemporary alerts correlation algorithms was given in this paper by a straight forward classification paradigm,and some problems for future research were addressed.