Survey on Network Security Event Correlation Analysis Methods and Tools
(网络安全事件关联分析技术与工具研究)
Cited by: 11
Abstract: New types of network attack, of which APT is the representative, are occurring more and more frequently and causing great harm to enterprise information infrastructure. Their customized, covert and persistent character defeats traditional detection methods, which cannot detect or predict such deeply hidden attacks in time. With the development of big data technology, however, security-related events of all kinds and information about the running environment of the system can be correlated effectively, which makes identifying these attacks and threats possible, and security event correlation analysis technology has emerged in response. This paper first explains the importance and goals of security event correlation analysis. It then surveys existing correlation analysis techniques, grouped into attribute-based, logical-reasoning-based, probabilistic/statistical and machine-learning-based correlation, describing the mechanism of each family together with its advantages and disadvantages. Finally it surveys existing open-source security event correlation software, comparing the tools by application scenario, programming language, user interface and correlation method.
Authors: JU An-kang, GUO Yuan-bo, ZHU Tai-ming, WANG Tong (琚安康, 郭渊博, 朱泰铭, 王通); Information Engineering University, Zhengzhou 450001, China; State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
Source: Computer Science (计算机科学), 2017, No. 2, pp. 38-45 (8 pages); indexed in CSCD and the Peking University Core Journal list
Funding: National Natural Science Foundation of China (61501515)
Keywords: Correlation analysis; Feature attributes; Logical reasoning; Statistics; Machine learning
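The abstract names attribute-based and logical-reasoning-based correlation as two of the four families it surveys but does not show how either works. The following Python is an added example, not code from the paper or from any tool it reviews: it runs both kinds of correlation over a handful of constructed alerts. Attribute-based correlation groups events that share (source, destination) inside a time window; logical correlation chains events through a rule base in which each attack step's consequence is the next step's prerequisite, with the compromised host pivoting from the destination of the exploit to the source of the later login. The event records, event-type names, rule base and window sizes are all assumptions made for illustration.

```python
"""Attribute-based and rule-based (logical) correlation of security events.

Added example, not code from the surveyed paper or any tool it reviews.
The events, the attack-step rule base and the time windows are constructed
for illustration.
"""
from datetime import datetime, timedelta

# Constructed sample alerts (not real logs): ISO timestamp, source, destination, type.
SAMPLE_EVENTS = [
    {"ts": "2017-02-01T09:00:00", "src": "10.0.0.7", "dst": "192.168.1.40", "type": "exploit_attempt"},
    {"ts": "2017-02-01T10:00:00", "src": "10.0.0.5", "dst": "192.168.1.10", "type": "port_scan"},
    {"ts": "2017-02-01T10:04:00", "src": "10.0.0.5", "dst": "192.168.1.10", "type": "exploit_attempt"},
    {"ts": "2017-02-01T10:05:30", "src": "192.168.1.10", "dst": "192.168.1.20", "type": "new_admin_login"},
    {"ts": "2017-02-01T10:06:00", "src": "10.0.0.5", "dst": "192.168.1.10", "type": "port_scan"},
    {"ts": "2017-02-01T12:00:00", "src": "10.0.0.9", "dst": "192.168.1.30", "type": "port_scan"},
]

# Constructed rule base for logical correlation. Each event type maps to
# (prerequisite, consequence): functions that turn an event into a
# (predicate, host) fact. A step with no prerequisite may start a scenario.
# Note the pivot: the host compromised by an exploit is the *source* of the
# later lateral-movement login, which is how single-pair grouping is crossed.
RULES = {
    "port_scan":       (lambda e: None,                      lambda e: ("scanned", e["dst"])),
    "exploit_attempt": (lambda e: ("scanned", e["dst"]),     lambda e: ("compromised", e["dst"])),
    "new_admin_login": (lambda e: ("compromised", e["src"]), lambda e: ("lateral", e["dst"])),
}


def _parsed(events):
    """Copy events with parsed timestamps, in chronological order."""
    return sorted(({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
                  key=lambda e: e["ts"])


def correlate_by_attributes(events, window=timedelta(minutes=10)):
    """Attribute-based correlation: events sharing (src, dst) and falling
    within `window` of their group's first event are merged into one group.
    Returns the list of groups, each a chronological list of events."""
    groups, open_group = [], {}
    for e in _parsed(events):
        key = (e["src"], e["dst"])
        g = open_group.get(key)
        if g is not None and e["ts"] - g[0]["ts"] <= window:
            g.append(e)
        else:
            g = [e]
            open_group[key] = g
            groups.append(g)
    return groups


def correlate_by_rules(events, window=timedelta(minutes=30)):
    """Logic-based correlation: an event joins the scenario that established
    its prerequisite fact within `window`; an event with no prerequisite starts
    a new scenario. Events whose prerequisite was never observed (or whose type
    has no rule) are returned separately as unexplained."""
    scenarios, unexplained = [], []
    established = {}  # fact -> (scenario, time the fact was established)
    for e in _parsed(events):
        rule = RULES.get(e["type"])
        if rule is None:
            unexplained.append(e)
            continue
        need, give = rule
        prereq = need(e)
        if prereq is None:
            scenario = [e]
            scenarios.append(scenario)
        elif prereq in established and e["ts"] - established[prereq][1] <= window:
            scenario = established[prereq][0]
            scenario.append(e)
        else:
            unexplained.append(e)
            continue
        established[give(e)] = (scenario, e["ts"])
    return scenarios, unexplained


def multi_step_scenarios(events):
    """Scenarios with more than one step, as lists of event types: the
    candidates an analyst would triage first."""
    scenarios, _ = correlate_by_rules(events)
    return [[e["type"] for e in s] for s in scenarios if len(s) > 1]


if __name__ == "__main__":
    for g in correlate_by_attributes(SAMPLE_EVENTS):
        print(g[0]["src"], "->", g[0]["dst"], [e["type"] for e in g])
    print("multi-step:", multi_step_scenarios(SAMPLE_EVENTS))
```

On the constructed input, attribute grouping yields four (src, dst) groups and never links the admin login on 192.168.1.20 to the exploit against 192.168.1.10, because the two events share no attribute value in the same field; the rule-based pass does link them, through the compromised-host pivot, into one three-step scenario. The lone exploit attempt at 09:00 with no preceding scan is reported as unexplained rather than silently dropped, which is the case an analyst wants surfaced: either a missed prerequisite (sensor gap) or an incomplete rule base.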
Citation data: 7 references; 86 secondary references


Co-cited references: 159; co-citing references: 88; citing works: 11; secondary citing works: 33
