Authors: 郑剑 [1], 周艳丽 [1], 刘聪 [1] (ZHENG Jian; ZHOU Yan-li; LIU Cong, School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou 341000, China)
Affiliation: [1] School of Information Engineering, Jiangxi University of Science and Technology, Ganzhou, Jiangxi 341000, China
Source: Computer Engineering and Design (《计算机工程与设计》), 2017, No. 2, pp. 328-333 (6 pages)
Funding: National Natural Science Foundation of China (61462034); Science and Technology Research Project of the Jiangxi Provincial Department of Education (GJJ13415); Key Project of the Science Foundation of Jiangxi University of Science and Technology (NSFJ2014-K11)
Abstract: To address the correlation problem of alerts that cannot be mapped to any atomic attack node (exploit) in the attack graph, an alert correlation method based on attack paths and the PCA (principal component analysis) algorithm is proposed. The attack graph is defined from prior knowledge. PCA is used to compute the similarity between alerts, and whether two alerts are correlated is decided from their similarity and the time difference between their occurrences; this implements alert correlation and repairs defects in the attack graph. Experimental results show that the method can correlate alerts whose premise alerts are missing as well as alerts that have no corresponding atomic attack node in the attack graph, and can fully repair attack graphs in which fewer than three disconnected atomic attack nodes are missing.
Keywords: alert correlation; attack graph; principal component analysis; alert similarity; alert correlation graph
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]