{"title":"多层次关联在网络安全管理统一平台中的应用:设计与实现","authors":"Zheng Wu, Debao Xiao, Min Xiao, Xi Peng","doi":"10.1109/ISECS.2008.85","DOIUrl":null,"url":null,"abstract":"Alert correlation is the method used to analyze the implicit relation among attacks so as to discover real threats. There already have been several proposals on alert correlation, such as the methods based on predefined knowledge and the methods need no predefined knowledge. But they all have their drawbacks. Generally, the predefined knowledge based methods have no ability to recognize unknown attacks, and the non predefined knowledge based methods lack the capability to analyze multistep attacks. This paper presents a multilevel correlation method used in the Unified Platform of Network Security Management (UPNSM). This method combines the two methods mentioned above together in analyzing multisource alerts. The goal is to pull out false positive, extract real threats and discover unknown attacks. Experiments show that our multilevel correlation modeling and deployment techniques are effective in achieving this goal.","PeriodicalId":144075,"journal":{"name":"2008 International Symposium on Electronic Commerce and Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Using Multilevel Correlation in a Unified Platform of Network Security Management: Design and Implementation\",\"authors\":\"Zheng Wu, Debao Xiao, Min Xiao, Xi Peng\",\"doi\":\"10.1109/ISECS.2008.85\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Alert correlation is the method used to analyze the implicit relation among attacks so as to discover real threats. There already have been several proposals on alert correlation, such as the methods based on predefined knowledge and the methods need no predefined knowledge. But they all have their drawbacks. Generally, the predefined knowledge based methods have no ability to recognize unknown attacks, and the non predefined knowledge based methods lack the capability to analyze multistep attacks. This paper presents a multilevel correlation method used in the Unified Platform of Network Security Management (UPNSM). This method combines the two methods mentioned above together in analyzing multisource alerts. The goal is to pull out false positive, extract real threats and discover unknown attacks. Experiments show that our multilevel correlation modeling and deployment techniques are effective in achieving this goal.\",\"PeriodicalId\":144075,\"journal\":{\"name\":\"2008 International Symposium on Electronic Commerce and Security\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-08-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 International Symposium on Electronic Commerce and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISECS.2008.85\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Symposium on Electronic Commerce and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISECS.2008.85","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Using Multilevel Correlation in a Unified Platform of Network Security Management: Design and Implementation
Alert correlation is the method used to analyze the implicit relation among attacks so as to discover real threats. There already have been several proposals on alert correlation, such as the methods based on predefined knowledge and the methods need no predefined knowledge. But they all have their drawbacks. Generally, the predefined knowledge based methods have no ability to recognize unknown attacks, and the non predefined knowledge based methods lack the capability to analyze multistep attacks. This paper presents a multilevel correlation method used in the Unified Platform of Network Security Management (UPNSM). This method combines the two methods mentioned above together in analyzing multisource alerts. The goal is to pull out false positive, extract real threats and discover unknown attacks. Experiments show that our multilevel correlation modeling and deployment techniques are effective in achieving this goal.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
