%0 Journal Article %T Survey of the security alerts correlation algorithms
安全报警事件关联算法研究 %A GUO Shan-qing %A YANG Xue-lin %A ZENG Ying-pei %A XIE Li %A GAO Cong %A
郭山清 %A 阳雪林 %A 曾英佩 %A et al. %J 计算机应用 (Journal of Computer Applications) %D 2005 %I %X Security devices (e.g. firewalls, IDSs, anti-virus tools) that have been widely adopted in enterprise environments may generate huge numbers of independent, raw attack alerts, which are characterized by high false positive and false negative ratios. As a result, it is difficult for users to understand these alerts and respond appropriately. Therefore, handling the huge number of alerts produced by security devices is becoming a critical and challenging task in network security research. A general approach to this problem is to perform correlation analysis on these alerts and reconstruct the attack scenario. This paper gives a general survey of contemporary alert correlation algorithms using a straightforward classification paradigm, and addresses some problems for future research. %K security management %K alert correlation %K intrusion detection
%K 安全管理 (security management) %K 报警事件关联 (alert event correlation) %K 入侵检测 (intrusion detection) %U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=831E194C147C78FAAFCC50BC7ADD1732&aid=A19AA9BDCFFC21EB&yid=2DD7160C83D0ACED&vid=C5154311167311FE&iid=F3090AE9B60B7ED1&sid=E5322D16BA846136&eid=84C1FE7A9C76369B&journal_id=1001-9081&journal_name=计算机应用&referenced_num=1&reference_num=13
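The abstract describes the two things an alert correlator must do: collapse the flood of raw, near-duplicate alerts, and then link the survivors into an attack scenario. The Python below is an added illustration of that pipeline written for this page; it is not code from the surveyed paper and does not reproduce any specific algorithm it classifies. It combines two generic techniques found across the literature: attribute-based aggregation of alerts with the same signature, source and target inside a time window into one "hyper-alert", and prerequisite/consequence chaining, where an earlier hyper-alert whose consequence satisfies a later one's prerequisite (same attacker, same victim, earlier in time) is linked to it. The signature knowledge base, predicate names and sample alerts are all constructed for the example.

```python
"""Minimal alert-correlation demo (added example, not the paper's code).

Stage 1, aggregate(): merge alerts with identical (signature, src, dst) whose
timestamps fall within a window into one hyper-alert, cutting alert volume.
Stage 2, correlate(): link hyper-alerts whose consequence matches a later
hyper-alert's prerequisite, for the same attacker and victim.
Stage 3, scenarios(): group linked hyper-alerts into attack scenarios.
Knowledge base, predicates and alert data below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed knowledge base: signature -> (prerequisites, consequences).
# Predicates are plain strings here; real correlators use richer logic.
KNOWLEDGE = {
    "PORTSCAN":       (set(),               {"host_known"}),
    "SMB_VULN_PROBE": ({"host_known"},      {"smb_vuln_known"}),
    "SMB_EXPLOIT":    ({"smb_vuln_known"},  {"code_exec"}),
    "REVERSE_SHELL":  ({"code_exec"},       {"c2_channel"}),
    "FTP_BRUTE":      ({"host_known"},      {"ftp_cred_guess"}),
}

@dataclass
class Alert:
    ts: int      # seconds since start of capture
    sig: str
    src: str
    dst: str

@dataclass
class HyperAlert:
    sig: str
    src: str
    dst: str
    first: int
    last: int
    count: int = 1

def aggregate(alerts: List[Alert], window: int = 60) -> List[HyperAlert]:
    """Merge alerts sharing (sig, src, dst) that arrive within `window` seconds
    of the matching hyper-alert's last timestamp."""
    out: List[HyperAlert] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for h in out:
            if (h.sig, h.src, h.dst) == (a.sig, a.src, a.dst) and a.ts - h.last <= window:
                h.last = a.ts
                h.count += 1
                break
        else:
            out.append(HyperAlert(a.sig, a.src, a.dst, a.ts, a.ts))
    return out

def correlate(hypers: List[HyperAlert]) -> List[Tuple[int, int]]:
    """Return edges (i, j): hyper-alert i prepares for j when both share attacker
    and victim, i ends before j starts, and a consequence of i is a prerequisite
    of j. Signatures absent from KNOWLEDGE get no edges (a false negative risk)."""
    edges: List[Tuple[int, int]] = []
    for i, hi in enumerate(hypers):
        _, cons_i = KNOWLEDGE.get(hi.sig, (set(), set()))
        for j, hj in enumerate(hypers):
            pre_j, _ = KNOWLEDGE.get(hj.sig, (set(), set()))
            if (i != j and hi.src == hj.src and hi.dst == hj.dst
                    and hi.last < hj.first and cons_i & pre_j):
                edges.append((i, j))
    return edges

def scenarios(hypers: List[HyperAlert], edges: List[Tuple[int, int]]) -> List[List[str]]:
    """Union-find over the edges; each connected component is one attack
    scenario, returned as a chronologically ordered list of signatures."""
    parent = list(range(len(hypers)))
    def find(x: int) -> int:
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for i, j in edges:
        parent[find(i)] = find(j)
    groups: Dict[int, List[int]] = {}
    for i in range(len(hypers)):
        groups.setdefault(find(i), []).append(i)
    return [[hypers[i].sig for i in sorted(g, key=lambda k: hypers[k].first)]
            for g in groups.values()]

# Constructed raw alert stream: one multi-step intrusion plus an unrelated alert.
SAMPLE = [
    Alert(0,   "PORTSCAN",       "10.0.0.5",   "192.168.1.10"),
    Alert(5,   "PORTSCAN",       "10.0.0.5",   "192.168.1.10"),
    Alert(9,   "PORTSCAN",       "10.0.0.5",   "192.168.1.10"),
    Alert(40,  "SMB_VULN_PROBE", "10.0.0.5",   "192.168.1.10"),
    Alert(120, "SMB_EXPLOIT",    "10.0.0.5",   "192.168.1.10"),
    Alert(125, "REVERSE_SHELL",  "10.0.0.5",   "192.168.1.10"),
    Alert(130, "FTP_BRUTE",      "172.16.0.9", "192.168.1.20"),  # no prior scan seen
]

def run_demo(alerts: List[Alert] = SAMPLE) -> List[List[str]]:
    hypers = aggregate(alerts)
    return scenarios(hypers, correlate(hypers))

if __name__ == "__main__":
    for s in run_demo():
        print(" -> ".join(s))
```

Seven raw alerts become five hyper-alerts, and those become two scenarios: the four-step SMB intrusion chain and a lone FTP brute-force that cannot be attached because no earlier alert established its prerequisite. That isolated alert is exactly the case the abstract's false-negative remark points at: if the scan that preceded it was missed, the correlator cannot reconstruct the chain, so unlinked hyper-alerts still deserve a look rather than being discarded.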