
Computer Engineering ›› 2006, Vol. 32 ›› Issue (17): 1-3. doi: 10.3969/j.issn.1000-3428.2006.17.001

• Development Trends / Hot Technologies •

Research Progress on Network Security Information Correlation and Analysis Techniques

PENG Xuena; WEN Yingyou; ZHAO Hong

  1. State Engineering Research Center of Computer Software, Northeastern University, Shenyang 110004
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2006-09-05 Published: 2006-09-05

A Survey on Network Security Information Correlation Techniques

PENG Xuena;WEN Yingyou;ZHAO Hong


  1. State Engineering Research Center of Computer Software, Northeastern University, Shenyang 110004
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2006-09-05 Published: 2006-09-05

Abstract (translated from the Chinese): This paper introduces the background of network security information correlation and analysis techniques and identifies the problem these techniques are meant to solve. According to the analysis method used, existing approaches are divided into four categories: analysis based on the similarity of network security information, analysis based on attack-scenario recognition, analysis based on causal relationships among network security information, and analysis based on statistical causal relationships among network security information. For each category, the basic idea, the existing techniques and the open problems are described and analyzed, and some directions for future work are outlined.

Keywords (translated from the Chinese): network security, information analysis, alert clustering, alert correlation

Abstract: The background of the network security information correlation technique is introduced, and the problem it is supposed to solve is clarified. According to the different methods used in the technique, this paper classifies the methods into four categories: similarity-based analysis, attack-scenario-based analysis, causality-knowledge-based analysis and statistical-causality-based analysis. For each category, the basic idea and the existing techniques are introduced and analyzed, and the unsolved problems are pointed out. The development direction and future work are discussed.

Key words: Network security, Information analysis, Alert clustering, Alert correlation
