Acta Scientiarum Naturalium Universitatis Pekinensis

A Novel Temporal Scenario Recognition Algorithm and Its Application in Intrusion Detection Alert Fusion

XU Hui, FENG Jinwen, PAN Aimin   

  1. Institute of Computer Science and Technology, Peking University, Beijing, 100871
  • Received: 2003-12-22 Online: 2005-05-20 Published: 2005-05-20

A Temporal Scenario Recognition Algorithm and Its Application in Security Alert Fusion

XU Hui, FENG Jinwen, PAN Aimin

  1. Information Security Laboratory, Institute of Computer Science and Technology, Peking University, Beijing, 100871

Abstract: A security alert fusion algorithm based on temporal scenario recognition is proposed. Known attack patterns are defined as temporal scenario models, which are used to process an online or offline alert flow. Alert aggregation and alert correlation are performed simultaneously during recognition. Methods based on temporal reasoning are used to preprocess the temporal scenario models, which makes the recognition algorithm highly efficient.

Key words: alert fusion, alert aggregation, alert correlation, temporal scenario, temporal constraint graph

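Abstract: A security alert fusion algorithm based on temporal scenario recognition is proposed. The algorithm defines known attack patterns as temporal scenario models in order to process online or offline alert streams. It performs alert aggregation and alert correlation at the same time, and uses methods based on temporal reasoning to preprocess the scenario models, so that the recognition process is highly efficient.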

Key words: alert fusion, alert aggregation, alert correlation, temporal scenario, temporal constraint graph