Journal of National University of Defense Technology (国防科技大学学报), 2017, Vol. 39, Issue 5: 128-138, 11. DOI: 10.11887/j.cn.201705021
运用警报关联的威胁行为检测技术综述
Survey of alert-correlation-based network threat detection techniques
Abstract
The rapid development of the Internet has also brought more and more network threats, and detecting them accurately and in real time has become a key technical problem. Alert-correlation-based network threat detection is becoming a research hotspot: it builds on widely deployed security products and fully exploits the relations between abnormal events in order to reconstruct the attack scenario. Starting from the characteristics of network threats and of the security environment, the requirements for and classification of network threat detection are introduced. The basic concepts and the system model of alert-correlation-based network threat detection are then explained in detail. The key module of that model, the alert correlation method, is studied in depth, covering the principles and characteristics of the typical algorithm families: causal-relation-based, case-based, similarity-based and data-mining-based methods. Three representative detection system architectures, namely centralized, hierarchical and distributed, are then discussed with practical instances. Finally, based on an analysis of recent research, future work is discussed and outlined.
Keywords: network threat detection / alert correlation / detection model / detection system architecture
Classification: Information technology and security science
Citation: 王意洁, 程力, 马行空. 运用警报关联的威胁行为检测技术综述 [J]. 国防科技大学学报, 2017, 39(5): 128-138, 11.
Funding
National Natural Science Foundation of China (61379052)
National High Technology Research and Development Program of China (863 Program) (2013AA01A213)
Hunan Provincial Natural Science Foundation for Distinguished Young Scholars (14JJ1026)
Specialized Research Fund for the Doctoral Program of Higher Education (20124307110015)