基于动态贝耶斯规划图的状态安全报警关联

北京大学学报（自然科学版）

基于动态贝耶斯规划图的状态安全报警关联

徐辉¹,冯晋雯,叶志远

北京大学计算机科学技术研究所信息安全实验室，北京，100871；¹E-mail: xuhui@baidu.com

收稿日期:2004-09-17 出版日期:2006-01-20 发布日期:2006-01-20

Stateful Security Alert Correlation by Dynamic Bayesian Plan Graph

XU Hui, FENG Jinwen, YE Zhiyuan

Institute of Computer Science and Technology, Peking University, Beijing, 100871

Received:2004-09-17 Online:2006-01-20 Published:2006-01-20

摘要/Abstract

摘要： 提出状态报警关联的概念以及基于动态贝耶斯规划图的报警关联算法。动态贝耶斯规划图在规划图的基础上结合了动态贝耶斯网络推理，显式地表示系统状态以及状态和攻击动作之间的相互影响。算法用贝耶斯推理处理不确定信息，量化地评估系统安全状态，并且有效地消除误报。

关键词: 报警关联, 入侵检测, 规划图, 动态贝耶斯网络

Abstract: The concept of stateful alert correlation and a correlation algorithm based on dynamic Bayesian planning graph are proposed. Dynamic Bayesian planning graph adds dynamic Bayesian inference to based planning graph. It represents system security states explicitly and the relation between states and actions. The algorithm handles uncertain information with Bayesian inference, giving a quantitative evaluation of the security state of a system and eliminating false alarms effectively.

Key words: alert correlation, intrusion detection, plan graph, dynamic Bayesian network

中图分类号:

TP393.08

徐辉,冯晋雯,叶志远. 基于动态贝耶斯规划图的状态安全报警关联[J]. 北京大学学报（自然科学版）.

XU Hui,FENG Jinwen,YE Zhiyuan. Stateful Security Alert Correlation by Dynamic Bayesian Plan Graph[J]. Acta Scientiarum Naturalium Universitatis Pekinensis.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://xbna.pku.edu.cn/CN/

https://xbna.pku.edu.cn/CN/Y2006/V42/I1/127