| 安全报警关联技术研究 |
| |
| 引用本文: | 伏晓,谢立.安全报警关联技术研究[J].计算机科学,2010,37(5):9-14. |
| |
| 作者姓名: | 伏晓 谢立 |
| |
| 作者单位: | 南京大学计算机软件新技术国家重点实验室,南京,210093 |
| |
| 基金项目: | 2005年国家信息安全重大专项基金项目;;国家“八六三”高技术研究发展计划项目基金(2003AA142010)资助 |
| |
| 摘 要: | 安全报警关联技术是近年来安全领域中的热点之一,它能够有效地解决目前困扰安全管理者的海量报警以及误报、漏报报警等问题。近年来该领域出现了大量有价值的研究成果,但已有工作大多集中在个别子领域,整个领域的发展并不均衡。对这一技术的研究现状进行了综述,介绍了其处理过程及体系结构,重点总结比较了报警聚类及融合、攻击场景重建和攻击意图识别这3个关键阶段的已有算法,之后又总结评述了目前报警关联的主要应用、技术难点及现有解决方案,最后对该领域面临的问题加以分析,并展望了未来方向。
|
| 关 键 词: | 报警关联 报警聚类 报警融合 攻击场景重建 攻击意图识别 |
| 收稿时间: | 6/2/2009 12:00:00 AM |
| 修稿时间: | 9/1/2009 12:00:00 AM |
Security Alert Correlation: A Survey |
| |
| FU Xiao,XIE Li.Security Alert Correlation: A Survey[J].Computer Science,2010,37(5):9-14. |
| |
| Authors: | FU Xiao XIE Li |
| |
| Affiliation: | State Key Laboratory for Novel Software Technology/a>;Nanjing University/a>;Nanjing 210093/a>;China |
| |
| Abstract: | Alert correlation is a new promising technology and has drawn more and more attentions in recent years.It can efficiently solve many problems bothering security managers now,such as high false positives(i.e.alerts mistakenly triggered by benign events),high false negatives(i.e.intrusions mistakenly missed by security mechanisms),and large amounts of alerts created by security products per day.In the past several years,a lot of vulnerable researches were done in this field,but most of them only focused on fe... |
| |
| Keywords: | Alert correlation Alert aggregation Alert fusing Attack scenarios constructing Attack plan recognition |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
|
