[1] 卿斯汉,蒋建春,马恒太,等.入侵检测技术研究综述[J].通信学报,2004,25(7):19-29.(QING S H, JIANG J C, MA H T, et al. Research on intrusion detection techniques: a survey[J]. Journal of China Institute of Communications, 2004, 25(7): 19-29.) [2] 诸葛建伟,韩心慧,叶志远,等.基于扩展目标规划图的网络攻击规划识别算法[J].计算机学报,2006,29(8):1356-1366.(ZHUGE J W, HAN X H, YE Z Y, et al. A network attack plan recognition algorithm based on the extended goal graph[J]. Chinese Journal of Computers, 2006, 29(8): 1356-1366.) [3] MIRHEIDARI S A, ARSHAD S, JALILI R. Alert correlation algorithms: a survey and taxonomy[C]//CSS 2013: Proceedings of the 5th International Symposium on Cyberspace Safety and Security, LNCS 8300.[S.l.]: Springer International Publishing, 2013: 183-197. [4] SHITTU R, HEALING, GHANEAL-HERCOCK R, et al. Intrusion alert prioritisation and attack detection using post-correlation analysis[J]. Computers & Security, 2015, 50: 1-15. [5] GHASEMIGOL M, GHAEMI-BAFGHI A. A new alert correlation framework based on entropy[C]//ICCKE 2013: Proceedings of the 20133th International Conference of Computer and Knowledge Engineering. Piscataway, NJ: IEEE, 2013: 184-189. [6] 殷其雷,吴平平.基于Apriori算法的攻击行为时序关联规则检测方法[J].计算机安全,2014(9):2-7.(YIN Q L, WU P P. Detecting temporal association rules of attack activities based on Apriori algorithm[J]. Network and Computer Security, 2014(9): 2-7.) [7] ELSHOUSH H T, OSMAN I M. An improved framework for intrusion alert correlation[C/OL]//WCE 2012: Proceedings of the World Congress on Engineering 2012. London:[s.n.], 2012[2015-11-23]. http://www.iaeng.org/publication/WCE2012/WCE2012_pp518-523.pdf. [8] ELSHOUSH H T, OSMAN I M. Alert correlation in collaborative intelligent intrusion detection systems-a survey[J]. Applied Soft Computing, 2011, 11(7): 4349-4365. [9] 王璐璐.基于告警因果关系和概率统计的攻击场景重建方法的研究[D].上海:上海交通大学,2011:22-41.(WANG L L. Research on attack scenarios reconstructing method based on causal correlation and probabilistic correlation[D]. Shanghai: Shanghai Jiao Tong University, 2011: 22-41.) [10] NING P, XU D. Adapting query optimization techniques for efficient intrusion alert correlation[M]//Data and Applications Security XVII.[S.l.]: Springer US, 2004: 75-88. [11] BATENI M, BARAANI A. Time window management for alert correlation using context information and classification[J]. International Journal of Computer Network & Information Security, 2013, 5(11): 9-16. [12] ZALI Z, HASHEMI M.R, SAIDI H. Real-time attack scenario detection via intrusion detection alert correlation[C]//Proceedings of the 20129th International ISC Conference on Information Security and Cryptology. Piscataway: IEEE, 2012: 95-102. [13] NING P, CUI Y, REEVES D S, et al. Techniques and tools for analyzing intrusion alerts[J]. ACM Transactions on Information & System Security, 2004, 7(2): 274-318. [14] 陈锋,张怡,苏金树,等.攻击图的两种形式化分析[J].软件学报,2010,21(4):838-848.(CHEN F, ZHANG Y, SU J S, et. Two formal analyses of attack graphs[J]. Journal of Software, 2010, 21(4): 838-848.) |