会议论文

Peng, Xi

英文

PACIIA: 2008 PACIFIC-ASIA WORKSHOP ON COMPUTATIONAL INTELLIGENCE AND INDUSTRIAL APPLICATION, VOLS 1-3, PROCEEDINGS

2008

328-333

Pacific/Asia Workshop on Computational Intelligence and Industrial Application

DEC 19-20, 2008

Wuhan, PEOPLES R CHINA

[Peng, Xi;Zhang, Yugang;Xiao, Shisong;Wu, Zheng;Cui, JianQun;Chen, Limiao;Xiao, Debao] Huazhong Normal Univ, Dept Comp Sci, Wuhan 430079, Peoples R China.

IEEE, IEEE IES Ind Elect Soc, Wuhan Inst Technol, Huazhong Univ Sci & Technol, Huazhong Normal Univ, Comp & Security Ctr

Zhang, Y Tan, H Luo, Q

10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA

IEEE COMPUTER SOC

978-1-4244-4204-1

本校为第一且通讯机构

In the past several years, the alert correlation methods have been advocated to discover high-level attack scenarios by correlating the low-level alerts. The causal correlation method based on prerequisites and consequences has great advantages in the process of correlating alerts. But it must depend on complicated background knowledge base and has some limits in discovering new attacks. The cluster can aggregate the relational alerts by computing the similarity between alert attributes, as well as can discover new and simple high-level attacks. However, it is difficult to establish the attrib...