Abstract: The concept of stateful alert correlation and a correlation algorithm based on dynamic Bayesian planning graph are proposed. Dynamic Bayesian planning graph adds dynamic Bayesian inference to based planning graph. It represents system security states explicitly and the relation between states and actions. The algorithm handles uncertain information with Bayesian inference, giving a quantitative evaluation of the security state of a system and eliminating false alarms effectively.

Key words: alert correlation, intrusion detection, plan graph, dynamic Bayesian network

摘要： 提出状态报警关联的概念以及基于动态贝耶斯规划图的报警关联算法。动态贝耶斯规划图在规划图的基础上结合了动态贝耶斯网络推理，显式地表示系统状态以及状态和攻击动作之间的相互影响。算法用贝耶斯推理处理不确定信息，量化地评估系统安全状态，并且有效地消除误报。

关键词: 报警关联, 入侵检测, 规划图, 动态贝耶斯网络