
Computer Engineering ›› 2007, Vol. 33 ›› Issue (17): 173-175. doi: 10.3969/j.issn.1000-3428.2007.17.059

• Security Technology •

Intrusion Detection Alert Correlation Techniques

姜兆元,赵 军   

  1. (Institute of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-09-05 Published: 2007-09-05

Intrusion Detection Alert Correlation Techniques

JIANG Zhao-yuan, ZHAO Jun   

  1. (Inst. of Comp. Sci. & Tech., Chongqing Univ. of Posts and Telecom., Chongqing 400065)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-09-05 Published: 2007-09-05

Abstract: Alert correlation techniques analyze the alerts generated by different security products, identify the genuinely meaningful attack alerts among them, reduce the large number of false alerts, and lower the workload of security administrators. This paper introduces the basic model and main techniques of alert correlation, analyzes the principal correlation methods, and discusses the directions in which alert correlation techniques are developing. These discussions are of reference value for both applying and developing alert correlation techniques.

Key words: intrusion detection, alert correlation, network security

Abstract: Many intrusion detection technologies are complementary to each other. Alert correlation technology analyzes alerts generated by different security products so that false alerts are greatly reduced, real attacks are more easily discerned and, accordingly, the workload on system administrators is largely relieved. Herein, basic models and technologies of alert correlation are discussed, important correlation algorithms are analyzed, and development tendencies of alert correlation technologies are predicted.

Key words: intrusion detection, alert correlation, network security

CLC number: