本文選題：威脅行為檢測(cè) + 警報(bào)關(guān)聯(lián)　； 參考：《國防科技大學(xué)學(xué)報(bào)》2017年05期

【摘要】：基于警報(bào)關(guān)聯(lián)的網(wǎng)絡(luò)威脅行為檢測(cè)技術(shù)因其與網(wǎng)絡(luò)上大量部署的安全產(chǎn)品耦合,且能充分挖掘異常事件之間的關(guān)聯(lián)關(guān)系以提供場(chǎng)景還原證據(jù),正成為復(fù)雜威脅行為檢測(cè)的研究熱點(diǎn)。從威脅行為和網(wǎng)絡(luò)安全環(huán)境的特點(diǎn)出發(fā),引出威脅行為檢測(cè)的應(yīng)用需求和分類,介紹基于警報(bào)關(guān)聯(lián)的威脅行為檢測(cè)的基本概念和系統(tǒng)模型;重點(diǎn)論述作為模型核心的警報(bào)關(guān)聯(lián)方法,并分類介紹了各類典型算法的基本原理和特點(diǎn),包括基于因果邏輯的方法、基于場(chǎng)景的方法、基于相似性的方法和基于數(shù)據(jù)挖掘的方法;并結(jié)合實(shí)例介紹了威脅行為檢測(cè)系統(tǒng)的三種典型結(jié)構(gòu),即集中式結(jié)構(gòu)、層次式結(jié)構(gòu)和分布式結(jié)構(gòu);基于當(dāng)前研究現(xiàn)狀,提出了對(duì)未來研究趨勢(shì)的一些認(rèn)識(shí)。
[Abstract]:The network threat behavior detection technology based on alert association is coupled with a large number of security products deployed on the network and can fully mine the correlation between abnormal events to provide scene restore evidence. It is becoming a hotspot in the research of complex threat behavior detection. Based on the characteristics of threat behavior and network security environment, the application requirements and classification of threat behavior detection are introduced, and the basic concepts and system models of threat behavior detection based on alert association are introduced. As the core of the model, the alarm association method is discussed, and the basic principles and characteristics of various typical algorithms are introduced, including the method based on causality logic and the method based on scene. This paper introduces three typical structures of threat behavior detection system based on similarity and data mining, which are centralized structure, hierarchical structure and distributed structure. Some understanding of the future research trend is put forward.
【作者單位】： 國防科技大學(xué)計(jì)算機(jī)學(xué)院并行與分布處理重點(diǎn)實(shí)驗(yàn)室;國防科技大學(xué)計(jì)算機(jī)學(xué)院網(wǎng)絡(luò)工程系;
【基金】：國家自然科學(xué)基金資助項(xiàng)目(61379052) 國家863計(jì)劃資助項(xiàng)目(2013AA01A213) 湖南省自然科學(xué)基金杰出青年基金資助項(xiàng)目(14JJ1026) 高等學(xué)校博士學(xué)科點(diǎn)專項(xiàng)科研基金資助課題(20124307110015)
【分類號(hào)】：TP393.08
，

本文編號(hào)：1933097