Abstract
Network alarm causal correlation helps administrators reconstruct attack scenarios from the causal relationships between intrusion alarms and adjust defensive measures in time. Existing causal correlation techniques rely mainly on a correlation knowledge base defined by hand from expert experience, so they cannot keep up with the continual appearance of new attack types. This paper presents a data-mining-based method for constructing the causal correlation knowledge base. The method lets the knowledge base adapt itself to new attack patterns and lowers the miss rate (false negatives) of alarm correlation.
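To make the abstract's two ideas concrete, the following added example (not code from the paper or its authors) implements a minimal alarm causal correlation engine in Python. Alarms are linked when a knowledge base says the earlier alarm's type is a prerequisite of the later one, both involve a common host, and they fall within a time window; linked alarms are then grouped into attack scenarios. A second function mines candidate prerequisite/consequence rules from the alarm stream itself, so that an attack type missing from the hand-written knowledge base stops going unlinked. The prerequisite/consequence model, the ordered co-occurrence mining rule, the alert names, hosts and timestamps are all assumptions constructed for this illustration; the paper's actual mining algorithm is not described in the abstract.

```python
"""Added example: alarm causal correlation with a mined knowledge base.

Not the paper's code. The prerequisite/consequence model, the mining rule,
the alert names and the sample alarm stream are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alarm:
    ts: int    # seconds (constructed timestamps)
    kind: str  # IDS alert class (constructed names)
    src: str
    dst: str


# Constructed sample stream: the same three-step attack hits three hosts.
# "NewExploit" is an attack type the expert knowledge base does not know.
ALARMS = [
    Alarm(100, "PortScan", "10.0.0.9", "10.0.1.1"),
    Alarm(160, "NewExploit", "10.0.0.9", "10.0.1.1"),
    Alarm(200, "ReverseShell", "10.0.1.1", "10.0.0.9"),
    Alarm(300, "PortScan", "10.0.0.9", "10.0.1.2"),
    Alarm(350, "NewExploit", "10.0.0.9", "10.0.1.2"),
    Alarm(380, "ReverseShell", "10.0.1.2", "10.0.0.9"),
    Alarm(500, "PortScan", "10.0.0.9", "10.0.1.3"),
    Alarm(540, "NewExploit", "10.0.0.9", "10.0.1.3"),
    Alarm(580, "ReverseShell", "10.0.1.3", "10.0.0.9"),
    Alarm(9000, "PortScan", "10.0.0.7", "10.0.1.4"),  # unrelated, isolated
]

# Hand-written knowledge base: consequence -> set of prerequisite alert kinds.
# The expert only knows the old exploit path, so NewExploit is never linked.
EXPERT_KB = {
    "BufferOverflow": {"PortScan"},
    "ReverseShell": {"BufferOverflow"},
}


def hosts(a):
    return {a.src, a.dst}


def correlate(alarms, kb, window):
    """Return (earlier, later) edges where kb says earlier.kind is a
    prerequisite of later.kind, the two share a host and the gap <= window."""
    ordered = sorted(alarms, key=lambda a: a.ts)
    edges = []
    for j, later in enumerate(ordered):
        prereqs = kb.get(later.kind, set())
        for earlier in ordered[:j]:
            if later.ts - earlier.ts > window:
                continue
            if earlier.kind in prereqs and hosts(earlier) & hosts(later):
                edges.append((earlier, later))
    return edges


def scenarios(alarms, edges):
    """Group alarms into attack scenarios: connected components of the
    edge graph, each sorted by time, scenarios ordered by first alarm."""
    parent = {a: a for a in alarms}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in edges:
        parent[find(a)] = find(b)
    groups = defaultdict(list)
    for a in alarms:
        groups[find(a)].append(a)
    return sorted((sorted(g, key=lambda a: a.ts) for g in groups.values()),
                  key=lambda g: g[0].ts)


def unlinked(alarms, edges):
    """Alarms that no rule could connect: the correlation misses."""
    linked = {a for e in edges for a in e}
    return [a for a in alarms if a not in linked]


def mine_causal_pairs(alarms, window, min_support):
    """Mine candidate prerequisite -> consequence rules: ordered pairs of alert
    kinds that co-occur on a common host within `window` at least
    `min_support` times, and more often in that order than reversed.
    A deliberately simple stand-in for the paper's (unspecified) mining step."""
    ordered = sorted(alarms, key=lambda a: a.ts)
    support = defaultdict(int)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.ts - a.ts > window:
                break  # stream is time-ordered, later b are even further away
            if a.kind != b.kind and hosts(a) & hosts(b):
                support[(a.kind, b.kind)] += 1
    mined = defaultdict(set)
    for (pre, post), n in support.items():
        if n >= min_support and n > support.get((post, pre), 0):
            mined[post].add(pre)
    return dict(mined)


def merge_kb(expert, mined):
    """Extend the expert knowledge base with mined rules (expert rules kept)."""
    kb = {k: set(v) for k, v in expert.items()}
    for post, pres in mined.items():
        kb.setdefault(post, set()).update(pres)
    return kb


if __name__ == "__main__":
    before = correlate(ALARMS, EXPERT_KB, 60)
    print("expert KB: %d edges, %d unlinked alarms" % (len(before), len(unlinked(ALARMS, before))))
    kb = merge_kb(EXPERT_KB, mine_causal_pairs(ALARMS, window=60, min_support=3))
    after = correlate(ALARMS, kb, 60)
    print("mined KB:  %d edges, %d unlinked alarms" % (len(after), len(unlinked(ALARMS, after))))
    for g in scenarios(ALARMS, after):
        print(" -> ".join(a.kind for a in g))
```

With the expert knowledge base alone every alarm stays unlinked, because the only rule for ReverseShell requires a BufferOverflow that never fires. Mining with a support threshold of 3 recovers PortScan -> NewExploit and NewExploit -> ReverseShell, and after merging, the three attacked hosts each yield a three-alarm scenario while only the unrelated scan remains unexplained. The support threshold and the directionality check are the two knobs a practitioner should tune: too low a threshold turns coincidental neighbours into rules, and without the reversed-order comparison a noisy recurring alert can be mined as its own prerequisite.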
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2009, No. 7, pp. 102-104 (3 pages)
Funding
Supported by a special-fund project of the National High Technology Research and Development Program of China (863 Program), grant no. 2007AA01Z473
Keywords
network security
alarm causal correlation
data mining
knowledge base