Valdes A, Skinner K. Probabilistic alert correlation[C]//Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection. London, UK: Springer, 2001: 54-68.
[2]
Ning Peng, Cui Yun, Reeves D S. Constructing attack scenarios through correlation of intrusion alerts[C]//Proceedings of the 9th ACM Conference on Computer and Communications Security. New York, US: ACM, 2002: 245-254.
[3]
Noel S, Robertson E, Jajodia S. Correlating intrusion event sand building attack scenarios through attack graphdistances[C]//Proceedings of 20th Annual Computer Security Applications Conference. Tucson, AZ, US: IEEE Press, 2004: 350-359.
[4]
Wang Lingyu, Liu Anyi, Jajodia S. Using attack graphs for correlating, hypothesizing, and predicting intrusionalerts[J]. Computer Communications, 2006, 29(15): 2917-2933.
[5]
Ahmadinejad S, Jalili S, Abadi M. Ahybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs[J]. Computer Networks, 2011, 55(9): 2221-2240.
[6]
Anbarestani R, Akbari B, Fathi F. An iterative alert correlation method for extracting network intrusion scenarios[C]//Proceedings of 20th Iranian Conference on Electrical Engineering. Tehran: IEEE Press, 2012: 684-689.
[7]
Wang C, Yang Jimin. Adaptive feature-weighted alert correlation system applicable in cloud environment[C]//Proceedings of 8th Asia Joint Conference on Information Security. Seoul: IEEE Press, 2013: 41-47.
[8]
John Burnham. Magic quadrant for security information and event management[EB/OL]. Rosten, VA, USA: Internet Society, 2014[2014-06-24].
