Computer Science (计算机科学), 2005
An Alert Correlation Method Based on Knowledge Accumulation
Abstract:
A hacker's intrusion is a process of accumulating information about the target system step by step. The more information the hacker collects from the target system, the higher the probability that the next intrusion step succeeds. Existing alert correlation methods cannot identify an intrusion process that has several branches, nor can they recognize an unsuccessful intrusion step as belonging to a particular intrusion process. To address these two conditions, this paper proposes an alert correlation method based on knowledge accumulation. The method not only identifies more complete intrusion processes, but also evaluates the correlation degree of the intrusion process and the result of the intrusion process.