A Survey of Threat Behavior Detection Techniques Using Alert Correlation
Published: 2018-05-25 10:27
Topic of this paper: threat behavior detection + alert correlation; Reference: 《國防科技大學學報》 (Journal of National University of Defense Technology), 2017, Issue 05
【Abstract】: Network threat behavior detection based on alert correlation is becoming a research hotspot for detecting complex threat behavior, because it couples to the security products already deployed in large numbers across networks and can fully mine the relationships between abnormal events to provide evidence for scenario reconstruction. Starting from the characteristics of threat behavior and the network security environment, this survey derives the application requirements and classification of threat behavior detection, and introduces the basic concepts and system model of alert-correlation-based threat behavior detection. It focuses on alert correlation methods, the core of the model, and presents the basic principles and characteristics of typical algorithms by category: causal-logic-based, scenario-based, similarity-based and data-mining-based methods. With examples, it introduces three typical architectures of threat behavior detection systems: centralized, hierarchical and distributed. Finally, based on the current state of research, it offers some views on future research trends.
【Author affiliations】: National Key Laboratory of Parallel and Distributed Processing, College of Computer, National University of Defense Technology; Department of Network Engineering, College of Computer, National University of Defense Technology
【Funding】: National Natural Science Foundation of China (61379052); National 863 Program (2013AA01A213); Hunan Provincial Natural Science Foundation Distinguished Young Scholars Fund (14JJ1026); Specialized Research Fund for the Doctoral Program of Higher Education (20124307110015)
【Classification】: TP393.08
Article number: 1933097
Article link: http://sikaile.net/guanlilunwen/ydhl/1933097.html