This paper proposes an alert correlation method based on intrusion behavior patterns. An intrusion behavior pattern is a set of predicate formulas defined over time; in essence, it is a collection of intrusion events linked together by temporal constraints. While correlating large volumes of alerts, the method is particularly effective at handling false alarms.