10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA
Publisher:
IEEE COMPUTER SOC
ISBN:
978-1-4244-4204-1
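Institutional attribution:
This university is the first and corresponding institution
Department affiliation:
School of Computer Science
Abstract: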
In the past several years, alert correlation methods have been advocated to discover high-level attack scenarios by correlating low-level alerts. The causal correlation method based on prerequisites and consequences has great advantages in the process of correlating alerts. But it must depend on a complicated background knowledge base and has some limits in discovering new attacks. The cluster can aggregate the relational alerts by computing the similarity between alert attributes, and can also discover new and simple high-level attacks. However, it is difficult to establish the attrib...