%0 Journal Article
%T An Alert Correlation Method Based on Knowledge Accumulation
%T 基于知识积累的告警相关方法
%A GONG Fa-gen
%A QIN Zheng
%A ZHANG Da-Fang
%A 龚发根
%A 秦拯
%A 张大方
%J 计算机科学
%D 2005
%I
%X A hacker's intrusion is a process of accumulating information about the target system step by step. The more information the hacker collects from the target system, the higher the probability that the next intrusion step succeeds. Existing alert correlation methods cannot identify an intrusion process that has several branches, nor can they recognize an unsuccessful intrusion step that belongs to a given intrusion process. To address these two conditions, this paper proposes an alert correlation method based on knowledge accumulation. The method not only identifies more complete intrusion processes, but can also evaluate the correlation degree of the intrusion process and the result of the intrusion process.
%K Intrusion detection
%K Alert correlation
%K 入侵检测
%K 告警相关
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=64A12D73428C8B8DBFB978D04DFEB3C1&aid=6390D186459BE2A4&yid=2DD7160C83D0ACED&vid=9971A5E270697F23&iid=B31275AF3241DB2D&sid=76B5E24D6EC46B4B&eid=58F693790F887B3B&journal_id=1002-137X&journal_name=计算机科学&referenced_num=0&reference_num=10