Abstract:
This paper analyzes the alert correlation method based on attack prerequisites and consequences, then proposes a method for constructing attack scenarios based on system vulnerabilities and alert relativity. The method not only uses system vulnerability information to validate the reliability of alerts and remove false positives, but also correlates multi-step attacks through the relativity between alerts. Experimental results show that the proposed approach effectively reduces false positives and false negatives, which helps to construct more authentic and complete attack scenarios.
Key words: vulnerability, relativity, attack scenarios
Abstract (translated from the Chinese): Building on an analysis of correlation methods based on attack prerequisites and consequences, this paper proposes an attack scenario construction method based on system vulnerabilities and the relativity between alerts. It can not only use system vulnerability information to verify the reliability of alerts and rule out false positives, but also correlate multi-hop attack processes through the relativity between alerts. Experimental results show that the method effectively reduces false positives and false negatives, and thus helps to construct more authentic and complete attack scenarios.
Key words (translated from the Chinese): vulnerability, relativity, attack scenarios
SUN Lei; JIANG Shu-juan; ZENG Ying-pei; GUO Shan-qing. Attack Scenarios Construction Based on System Vulnerabilities [J]. Computer Engineering, 2007, 33(20): 150-152.
孙雷; 姜淑娟; 曾英佩; 郭山清. Attack Scenario Construction Based on System Vulnerabilities [J]. Computer Engineering (计算机工程), 2007, 33(20): 150-152.