| 基于攻击症状的安全事件关联方法研究 |
| |
| 引用本文: | 许宇华.基于攻击症状的安全事件关联方法研究[J].计算机工程与设计,2008,29(10):2486-2490. |
| |
| 作者姓名: | 许宇华 |
| |
| 作者单位: | 中国航天科工集团第二研究院706所,北京,100854 |
| |
| 摘 要: | 提出一套基于攻击症状的安全事件关联方法.根据攻击和症状间因果关系构建了安全事件关联模型,提出了依据关联模型自动计算产生安全事件关联规则的思想,并用特征代码匹配法实现事件关联.
|
| 关 键 词: | 安全事件 关联分析 因果关系图 攻击 症状 |
| 文章编号: | 1000-7024(2008)10-2486-04 |
| 修稿时间: | 2007年10月17 |
Research of security event correlation approach based on attack-symptom |
| |
| XU Yu-hua.Research of security event correlation approach based on attack-symptom[J].Computer Engineering and Design,2008,29(10):2486-2490. |
| |
| Authors: | XU Yu-hua |
| |
| Affiliation: | XU Yu-hua(Institute 706,Second Academy of China Aerospace Science , Industry Corporation,Beijing 100854,China) |
| |
| Abstract: | A security event correlation approach based on relationship of attack and symptom is studied.A causality model of security event correlation is discussed.And a method of automatically generating correlation rules is discussed.Then an approach how to applying code matching method to implement event correlation is introduced. |
| |
| Keywords: | security event correlation analysis causality graph attack symptom |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
