Abstract: Intrusion process consists of a series of intrusion behavior, which comprises one or some intrusion events. There are various relations among these intrusion events. Intrusion characteristic is studied, and intrusion events are classified by those aspects of intrusion. By defining intrusion event, common model of intrusion events is established. Based on analysis of time relations, space relations and function relations among intrusion events, the logical model, statistical model and fuzzy model are established. With these models, intrusion behavior can be represented. And it is testified by instance.

Key words: intrusion events, event relation, event model

摘要： 入侵过程由一系列入侵行为组成，每个入侵行为包含一个或多个入侵事件，这些事件间可能存在各种各样的关系。该文对入侵事件特征进行研究，从检测角度对入侵事件进行分类。定义了入侵事件，建立了入侵事件的一般模型。从时间、空间和功能方面分析了事件间的内在联系，并依据这些关系建立了入侵事件逻辑、统计和模糊模型，以描述不同的入侵行为，并举实例予以分析。

关键词: 入侵事件, 事件关系, 事件模型

CLC Number: 

• TP393.08