Abstract: To reveal the logical attack-strategy information hidden in the alarms generated by an intrusion detection system and to reconstruct the attack scenario, a hybrid alarm-correlation model based on attack graphs and alert similarity analysis is proposed. The model combines the advantages of attack-graph analysis and alert-data analysis. First, it describes the causal relationships between alarms according to an initial attack graph defined from prior knowledge of intrusion attacks. Next, it uses similarity analysis of the alert data to repair the defects of the initial attack graph, and then performs alert correlation. Experimental results show that the model not only recovers the attack scenario but also fully repairs the attack graph when a single attack step is missing.
ZHU Menging, XU Lei. Hybrid model of alert correlation based on attack graph and alert similarity. Journal of Computer Applications, 2014, 34(1): 108-112.
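The two stages the abstract describes (causal linking of alerts along a prior attack graph, then similarity analysis to bridge a step the IDS never reported) can be illustrated with a small correlation engine. The following is an added example written for this page; it is not the authors' implementation, and the four-step attack graph, the attribute weights in the similarity score, the thresholds and the sample alerts are all constructed assumptions chosen to exercise the "missing single step" case.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Alert:
    """One IDS alarm, already mapped from a signature to an abstract attack step."""
    ts: int      # seconds since start of the capture (constructed values)
    step: str    # attack step the signature corresponds to
    src: str
    dst: str


# Initial attack graph from prior knowledge (assumption): edge a -> b means
# step b may causally follow step a.
INITIAL_GRAPH: Dict[str, Set[str]] = {
    "scan": {"exploit"},
    "exploit": {"priv_esc"},
    "priv_esc": {"exfil"},
    "exfil": set(),
}

# Constructed sample alerts: one host chain where the "exploit" alarm was never
# raised, plus an unrelated exploit alarm between two other hosts.
ALERTS: List[Alert] = [
    Alert(0, "scan", "10.0.0.5", "10.0.0.20"),
    Alert(100, "exploit", "10.0.0.9", "10.0.0.31"),
    Alert(300, "priv_esc", "10.0.0.5", "10.0.0.20"),
    Alert(500, "exfil", "10.0.0.5", "10.0.0.20"),
]


def similarity(a: Alert, b: Alert, window: int) -> float:
    """Attribute similarity in [0, 1]: shared source, shared target, time proximity."""
    score = 0.0
    if a.src == b.src:
        score += 0.4
    if a.dst == b.dst:
        score += 0.4
    dt = abs(b.ts - a.ts)
    if dt <= window:
        score += 0.2 * (1 - dt / window)
    return score


def correlate(alerts: List[Alert], graph: Dict[str, Set[str]],
              window: int = 600, threshold: float = 0.6) -> List[Tuple[Alert, Alert]]:
    """Stage 1: link alert a -> b when the graph has edge a.step -> b.step and the
    two alerts are similar enough to belong to the same intrusion."""
    ordered = sorted(alerts, key=lambda x: x.ts)
    links = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.step in graph.get(a.step, set()) and similarity(a, b, window) >= threshold:
                links.append((a, b))
    return links


def step_observed(step: str, a: Alert, b: Alert, alerts: List[Alert]) -> bool:
    """True if an alarm for `step` exists on the same src/dst pair between a and b."""
    return any(x.step == step and x.src == a.src and x.dst == a.dst
               and a.ts <= x.ts <= b.ts for x in alerts)


def repair_graph(alerts: List[Alert], graph: Dict[str, Set[str]],
                 window: int = 600, threshold: float = 0.8) -> Dict[str, Set[str]]:
    """Stage 2: for highly similar alert pairs with no direct edge, where exactly one
    intermediate step of a two-hop path was never reported, add a bypass edge."""
    repaired = {k: set(v) for k, v in graph.items()}
    ordered = sorted(alerts, key=lambda x: x.ts)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.step in repaired.get(a.step, set()) or similarity(a, b, window) < threshold:
                continue
            for mid in graph.get(a.step, set()):
                if b.step in graph.get(mid, set()) and not step_observed(mid, a, b, alerts):
                    repaired.setdefault(a.step, set()).add(b.step)
    return repaired


def build_scenarios(alerts: List[Alert], links: List[Tuple[Alert, Alert]]) -> List[List[str]]:
    """Walk the correlation links from alerts without predecessors to reconstruct
    attack scenarios as ordered step sequences."""
    succ: Dict[Alert, List[Alert]] = {}
    has_pred: Set[Alert] = set()
    for a, b in links:
        succ.setdefault(a, []).append(b)
        has_pred.add(b)
    scenarios: List[List[str]] = []

    def walk(node: Alert, path: List[Alert]) -> None:
        nxt = succ.get(node, [])
        if not nxt:
            scenarios.append([p.step for p in path])
        for b in nxt:
            walk(b, path + [b])

    for root in sorted(alerts, key=lambda x: x.ts):
        if root not in has_pred:
            walk(root, [root])
    return scenarios


if __name__ == "__main__":
    print("initial:", build_scenarios(ALERTS, correlate(ALERTS, INITIAL_GRAPH)))
    repaired = repair_graph(ALERTS, INITIAL_GRAPH)
    print("repaired:", build_scenarios(ALERTS, correlate(ALERTS, repaired)))
```

With the initial graph alone the chain breaks at the unreported exploit, yielding the fragments `["scan"]` and `["priv_esc", "exfil"]`. The repair stage notices that the scan and privilege-escalation alarms share source, target and time window while the expected intermediate step is absent for that host pair, adds the bypass edge, and the second correlation pass recovers the full three-step scenario; the unrelated exploit alarm between other hosts stays isolated because its similarity to the chain is too low.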