%0 Journal Article
%T An Online Attack Scenarios Construction Algorithms Based on Believable Alarms
%A GUO Shan-Qing
%A ZENG Ying-Pei
%A XIE Li
%A 郭山清
%A 曾英佩
%A 谢立
%J 计算机科学 (Computer Science)
%D 2006
%I
%X Traditional intrusion detection systems (IDSs) only provide a large number of independent, low-level attack alerts, though there may be logical connections between them. As a result, it is difficult for users or response systems to understand the alerts and take appropriate actions against these attacks. It is therefore necessary to deduce high-level attack scenarios and analyze the attack's objective from low-level attack alerts. This paper uses the Bayesian rule to filter the alarm set, produces the believable alarm set, and shows the most plausible of the possible scenarios based on this set, which decreases the effect of false negative alarms and improves the correlation algorithm's robustness and expansibility. The algorithm can also be used to analyze the online alarm set, which avoids the shortcomings of the existing algorithms. We evaluate this model with the DARPA evaluation database, which shows good performance in attack scenario construction and alarm reduction.
%K Intrusion detection
%K Attack scenario
%K Correlation
%K Bayesian rule
%K Alarm reduction
%K Online analysis
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=64A12D73428C8B8DBFB978D04DFEB3C1&aid=8CD390E6D34A0403&yid=37904DC365DD7266&vid=27746BCEEE58E9DC&iid=5D311CA918CA9A03&sid=8C83C265AD318E34&eid=03F1579EF92A5A32&journal_id=1002-137X&journal_name=计算机科学&referenced_num=0&reference_num=25