Description:
To obtain effective network intrusion alarm information and reveal the intentions of attackers, a dynamic intrusion scenario correlation algorithm based on the single-value causality diagram is proposed. According to the composition principle of the single-value causality diagram, the key factors of the cause-and-effect diagram are defined. By relating the alarm information of an intrusion detection system, attack scenarios are constructed based on the cause-and-effect diagram, and dynamic correction is conducted. Using the MIT Lincoln Laboratory data sets, a correlation test is performed with the above attack scenario correlation algorithm. Test results show that the reconstructed attack scenarios are highly consistent with the actual conditions, proving that the proposed correlation algorithm can correctly reflect the real hacker intrusion process. The research in this paper helps security administrators implement effective management measures.