Computer Science (计算机科学), 2006
An Online Attack Scenarios Construction Algorithm Based on Believable Alarms
Abstract:
Traditional intrusion detection systems (IDSs) provide only a large number of independent, low-level attack alerts, even though there may be logical connections between them. As a result, it is difficult for users or response systems to understand the alerts and take appropriate action against these attacks. It is therefore necessary to deduce high-level attack scenarios and analyze the attack's objective from the low-level attack alerts. This paper uses the Bayesian rule to filter the alarm set, produces the believable alarm set, and, based on this set, shows the most plausible of the possible scenarios, which decreases the effect of false negative alarms and improves the correlation algorithm's robustness and expansibility. The algorithm can also be used to analyze the online alarm set, which avoids the shortcomings of existing algorithms. We evaluate this model with the DARPA evaluation database; the results show good performance in attack scenario construction and alarm reduction.