[1] |
国家计算机网络应急技术处理协调中心.2015 年中国互联网网络安全报告[R]. 2016.
|
|
National Computer Network Emergency Response Coordination Center.The Chinese Internet network security report[R]. 2016.
|
[2] |
NING P , CUI Y , REEVES D S . Techniques and tools for analyzing intrusion alerts[J]. ACM Trans on Information and System Security, 2004,7(2): 274-318.
|
[3] |
QIN X , LEE W . Statistical causality analysis of INFOSEC alert data[C]// The 6th International Symposium on Recent Advances in Intrusion Detection. 2003: 591-627.
|
[4] |
MAGGI F , ZANERO S . On the use of different statistical tests for alert correlation:short paper[C]// The 10th International Conference on Recent Advances in Intrusion Detection. 2007: 167-177.
|
[5] |
冯学伟, 王东霞, 黄敏桓 ,等. 一种基于马尔可夫性质的因果知识挖掘方法[J]. 计算机研究与发展, 2014,51(11): 2493-2504.
|
|
FENG X W , WANG D X , HUANG M H ,et al. A mining approach for causal knowledge in alert correlating based on the Markov property[J]. Journal of Computer Research and Development, 2014,51(11): 2493-2504.
|
[6] |
FENG X , WANG D , ZENG J ,et al. Analyzing and correlating security events using state machine[C]// IEEE International Conference on Computer and Information Technology. 2010: 2849-2854.
|
[7] |
TEMPLETON S J , LEVITT K . A requires/provides model for computer attacks[C]// The 2000 Workshop on New Security Paradigms. 2000: 31-38.
|
[8] |
NING P , CUI Y , REEVES D S . Constructing attack scenarios through correlation of intrusion alerts[C]// The 9th ACM Conference on Computer and Communications Security. 2002: 245-254.
|
[9] |
CUPPENS F , MIEGE A . Alert correlation in a cooperative intrusion detection framework[C]// The 2002 IEEE Symposium on Security and Privacy. 2002: 202-215.
|
[10] |
CUPPENS F , . Managing alerts in a multi-intrusion detection environment[C]// The 17th Annual Computer Security Applications Conference. 2001: 22-31.
|
[11] |
CUPPENS F , AUTREL F , MIEGE A ,et al. Correlation in an intrusion detection process[C]// The SECI02 Workshop. 2002: 153-171.
|
[12] |
胡亮, 解男男, 努尔布力 ,等. 基于智能规划的多步攻击场景识别算法[J]. 电子学报, 2013,41(9): 1753-1759.
|
|
HU L , XIE N N , NU E B L ,et al. A multi-stage attack scenario recognition algorithm based on intelligent planning[J]. Acta Electronica Sinica, 2013,41(9): 1753-1759
|
[13] |
QIN X , LEE W . Discovering novel attack strategies from INFOSEC alerts[C]// The 9th European Symposium on Research in Computer Security. 2004: 439-456.
|
[14] |
QIN X , LEE W . Causal discovery-based alert correlation[C]// The 21st Annual Computer Security Application Conference, 2005: 33-40.
|
[15] |
MORIN B , DEBAR H . Correlation of intrusion symptoms:an application of chronicles[J]. Lecture Notes in Computer Science, 2003,2820: 94-112.
|
[16] |
ZHANG AF , LI Z , LI D ,et al. Discovering novel multistage attack patterns in alert streams[C]// The International Conference on Networking,Architecture,and Storage. 2007. 115-121.
|
[17] |
王泽芳, 袁平, 黄晓芳 . 一种新的多步攻击场景重构技术研究[J]. 西南科技大学学报, 2016,31(1): 55-60.
|
|
WANG Z F , YUAN P , HUANG X F . Research of a novel attack scenario constructing method[J]. Journal of Southwest University and Technology, 2016,31(1): 55-60.
|
[18] |
PIETRASZEKT , TANNER A . Data mining and machine learning-towards reducing false positives in intrusion[J]. Information Security Technical Report, 2005,10: 169-183.
|
[19] |
田志宏, 张永铮, 张伟哲 ,等. 基于模式挖掘和聚类分析的自适应告警关联[J]. 计算机研究与发展, 2009,46(8): 1304-1315.
|
|
TIAN Z H , ZHANG Y Z , ZHANG W Z ,et al. An adaptive alert correlation method based on pattern mining and clustering analysis[J]. Journal of Computer Research and Development, 2009,46(8): 1304-1315.
|
[20] |
李冬, 李之棠, 雷杰 . 周期性误告警去除方法研究[J]. 小型微型计算机系统, 2009,30(7): 1336-1340.
|
|
LI D , LI Z T , LEI J . Research on the method of reducing false positives with periodicity[J]. Journal of Chinese Computer Systems, 2009,30(7): 1336-1340.
|
[21] |
王莉 . 网络多步攻击识别方法研究[D]. 武汉:华中科技大学, 2007.
|
|
WANG L . Study on method of network multi-stage attack plan recognition[D]. Wuhan:Huazhong University of Science and Technology, 2007.
|
[22] |
MIT Lincoln Lab.2000 DARPA intrusion detection scenario specific data sets[EB/OL]. .
|