北京大学学报(自然科学版)

一种时间场景识别算法及其在安全报警熔合中的应用

徐辉,冯晋雯,潘爱民   

  1. 北京大学计算机科学技术研究所信息安全研究室,北京,100871
  • 收稿日期:2003-12-22 出版日期:2005-05-20 发布日期:2005-05-20

A Novel Temporal Scenario Recognition Algorithm and Its Application in Intrusion Detection Alert Fusion

XU Hui, FENG Jinwen, PAN Aimin   

  1. Institute of Computer Science and Technology, Peiking University, Beijing, 100871
  • Received:2003-12-22 Online:2005-05-20 Published:2005-05-20

PDF (翻译版)

摘要: 提出了一种基于时间场景识别的安全报警熔合算法。该算法将已知的攻击模式定义成时间场景模型来处理在线或离线的报警流。算法同时完成报警聚合以及报警关联两个工作,并且采用基于时间推理的方法来预处理场景模型,从而使识别过程具有较高的效率。

关键词: 报警熔合, 报警聚合, 报警关联, 时间场景, 时间约束图

Abstract: A security alert fusion algorithm based on temporal scenario recognition is proposed. Known attack patterns are defined into temporal scenario models to process online or offline alert flow. Alert aggregation and alert correlation are performed simultaneously in the recognition procedure. Methods based on temporal reasoning are adopted to preprocess temporal scenario models, giving the recognition algorithm a high efficiency.

Key words: alert fusion, alert aggregation, alert correlation, temporal scenario, temporal constraint graph

中图分类号: 

版权所有 © 《北京大学学报(自然科学版)》编辑部
技术支持:北京玛格泰克科技发展有限公司