
Real-time attack scenario reconstruction method based on incremental alert analysis (基于告警增量分析的攻击场景实时重构方法)


网络与信息安全学报 (Chinese Journal of Network and Information Security), 2026, Vol. 12, Issue 2: 143-155 (13 pages). DOI: 10.11959/j.issn.2096-109x.AQ25274


赵新建 (1), 汤慧敏 (2), 陈石 (1), 张玉健 (2), 张颂 (1), 程光 (2)

Author information

  • 1. Information and Telecommunication Branch, State Grid Jiangsu Electric Power Co., Ltd., Nanjing 210024, Jiangsu, China
  • 2. School of Cyber Science and Engineering, Southeast University, Nanjing 211189, Jiangsu, China

Abstract

In the face of increasingly complex multi-stage, long-duration cyber attacks, security events are often interrelated in both time and space. Attack scenario reconstruction is crucial for supporting traceability, forensics and threat discovery. However, existing methods that analyse the full alert data only after an attack has concluded suffer from delayed results and efficiency bottlenecks. To address the inherent tension between incremental alert updates and a global perspective, an incremental attack scenario reconstruction method based on time windows is proposed. Its key technical contributions are as follows. (1) Through preprocessing and time-window partitioning, alert data is given a normalized representation while the scale of each analysis is kept under control. (2) For the incrementally updated data within a single window, an attack alert graph centered on target assets is constructed and frequent 1-itemsets are mined; a graph traversal strategy then generates and filters all candidate attack paths. (3) For the multi-window data seen from the global perspective, an attack path fusion algorithm correlates historical paths with incremental paths, enabling global reconstruction of the attack scenario. Experimental results on both open-source and real-world datasets show that the proposed method reconstructs attack scenarios effectively while significantly reducing computational complexity compared with full analysis, and that its processing performance remains stable in incremental settings.
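The pipeline the abstract describes (normalize, cut into time windows, keep frequent 1-itemsets per window, enumerate paths over a per-asset precedence graph, fuse with earlier windows), as an added illustration written for this page. It is not the authors' implementation: the alert format, the sample alerts, the edge rule (an edge from a type to every type first seen later against the same asset) and the fusion rule (splice on a shared boundary stage, otherwise extend the asset's latest path) are assumptions of this sketch.

```python
"""Toy incremental, time-windowed attack-path reconstruction (illustrative sketch)."""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

Alert = Tuple[int, str, str, str]   # (timestamp, source, target asset, alert type)
Path = Tuple[str, ...]              # ordered alert types observed against one asset

# Constructed sample alerts (synthetic; not taken from the paper's datasets).
RAW_ALERTS = [
    "t=1 src=10.0.0.5 dst=10.0.1.10 type=PortScan",
    "t=3 src=10.0.0.5 dst=10.0.1.10 type=PortScan",
    "t=5 src=10.0.0.5 dst=10.0.1.10 type=BruteForce",
    "t=7 src=10.0.0.5 dst=10.0.1.10 type=BruteForce",
    "t=9 src=10.0.0.9 dst=10.0.1.20 type=PortScan",   # one-off noise against another asset
    "t=10 src=10.0.0.5 dst=10.0.1.10 type=BruteForce",  # stage continues across the window boundary
    "t=11 src=10.0.0.5 dst=10.0.1.10 type=BruteForce",
    "t=12 src=10.0.0.5 dst=10.0.1.10 type=PrivEsc",
    "t=14 src=10.0.0.5 dst=10.0.1.10 type=PrivEsc",
    "t=16 src=10.0.0.5 dst=10.0.1.10 type=Exfil",
    "t=18 src=10.0.0.5 dst=10.0.1.10 type=Exfil",
]


def parse_alert(line: str) -> Alert:
    """Preprocessing: normalize one key=value alert line into a tuple."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return int(kv["t"]), kv["src"], kv["dst"], kv["type"]


def partition(alerts: List[Alert], width: int) -> Dict[int, List[Alert]]:
    """Time-window partitioning: window index = timestamp // width."""
    windows: Dict[int, List[Alert]] = defaultdict(list)
    for a in sorted(alerts):
        windows[a[0] // width].append(a)
    return dict(windows)


def frequent_items(alerts: List[Alert], min_support: int) -> set:
    """Frequent 1-itemsets: (asset, type) pairs seen at least min_support times in the window."""
    counts = Counter((a[2], a[3]) for a in alerts)
    return {item for item, n in counts.items() if n >= min_support}


def is_subseq(p: Path, q: Path) -> bool:
    """True if p is a (not necessarily contiguous) subsequence of q."""
    it = iter(q)
    return all(x in it for x in p)


def window_paths(alerts: List[Alert], min_support: int) -> Dict[str, List[Path]]:
    """Per target asset: build a precedence graph over frequent alert types,
    enumerate every source-to-sink path by DFS, and keep only maximal paths."""
    keep = frequent_items(alerts, min_support)
    first_seen: Dict[str, Dict[str, int]] = defaultdict(dict)
    for t, _src, asset, typ in sorted(alerts):
        if (asset, typ) in keep:
            first_seen[asset].setdefault(typ, t)

    result: Dict[str, List[Path]] = {}
    for asset, seen in first_seen.items():
        # Assumed edge rule: u -> v whenever u was first observed before v.
        succ = {u: [v for v in seen if seen[v] > seen[u]] for u in seen}
        sources = [u for u in seen if not any(u in succ[w] for w in seen)]
        paths: List[Path] = []

        def dfs(node: str, trail: List[str]) -> None:
            if not succ[node]:
                paths.append(tuple(trail))
                return
            for nxt in succ[node]:
                dfs(nxt, trail + [nxt])

        for s in sources:
            dfs(s, [s])
        # Filtering: drop candidates that are a strict subsequence of a longer path.
        maximal = [p for p in paths if not any(q != p and is_subseq(p, q) for q in paths)]
        result[asset] = [p for p in maximal if len(p) >= 2]
    return result


def fuse(history: Dict[str, List[Path]], new: Dict[str, List[Path]]) -> Dict[str, List[Path]]:
    """Assumed fusion rule: an incremental path extends the same asset's most recent
    historical path; a stage shared at the window boundary is merged, not repeated."""
    merged = {asset: list(paths) for asset, paths in history.items()}
    for asset, paths in new.items():
        for p in paths:
            old = merged.get(asset)
            if not old:
                merged.setdefault(asset, []).append(p)
                continue
            last = old.pop()
            old.append(last + (p[1:] if last[-1] == p[0] else p))
    return merged


def reconstruct(lines: List[str], width: int, min_support: int) -> Dict[str, List[Path]]:
    """Process windows in time order, fusing each window's paths into the global scenario."""
    scenario: Dict[str, List[Path]] = {}
    windows = partition([parse_alert(line) for line in lines], width)
    for _idx, alerts in sorted(windows.items()):
        scenario = fuse(scenario, window_paths(alerts, min_support))
    return scenario


if __name__ == "__main__":
    for asset, paths in reconstruct(RAW_ALERTS, width=10, min_support=2).items():
        print(asset, " -> ".join(paths[0]))
```

With a window width of 10 and a support threshold of 2, the single scan against 10.0.1.20 never reaches the graph, and the brute-force alerts that straddle the boundary between the first and second window appear as the tail of one window's path and the head of the next, which the fusion step collapses into a single four-stage path. The support threshold and window width are the two knobs a practitioner has to tune: a window shorter than an attack stage's dwell time pushes more work onto fusion, and a threshold set too high hides low-and-slow stages altogether.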


Key words

attack scenario reconstruction; multi-stage attack; alert correlation; incremental update; time window

Subject classification

Information Technology and Security Science

Cite this article

赵新建, 汤慧敏, 陈石, 张玉健, 张颂, 程光. 基于告警增量分析的攻击场景实时重构方法 (Real-time attack scenario reconstruction method based on incremental alert analysis) [J]. 网络与信息安全学报, 2026, 12(2): 143-155.

Funding

Science and Technology Project of State Grid Jiangsu Electric Power Company (No. J2024086)

Journal

网络与信息安全学报 (Chinese Journal of Network and Information Security), ISSN 2096-109X
