[1] CNCERT/CC (National Computer Network Emergency Response Technical Team/Coordination Center of China). 2017 China Internet Network Security Report[EB/OL]. [2019-03-25]. http://www.cert.org.cn/publish/main/upload/File/2017annual(1).pdf.
[2] GUO C. Research on key technologies of network intrusion detection based on data mining[D]. Beijing: Beijing University of Posts and Telecommunications, 2014.
[3] MIANI R S, ZARPELO B B, SOBESTO B, et al. A practical experience on evaluating intrusion prevention system event data as indicators of security issues[C]// 2015 IEEE 34th Symposium on Reliable Distributed Systems. 2016:296-305.
[4] SALAH S, MACIÁ-FERNÁNDEZ G, DÍAZ-VERDEJO J E. A model-based survey of alert correlation techniques[J]. Computer Networks, 2013,57(5):1289-1317.
[5] CHEUNG S, LINDQVIST U, FONG M W. Modeling multistep cyber attacks for scenario recognition[C]// DARPA Information Survivability Conference & Exposition. 2003:284-292.
[6] ECKMANN S T, VIGNA G, KEMMERER R A. STATL: An Attack Language for State-based Intrusion Detection[M]. IOS Press, 2012.
[7] KUANG Q Y, WU B, WU C H. A security event correlation algorithm based on attack intention[C]// Proceedings of the 19th National Youth Conference on Communication. 2014:241-246.
[8] LI Z T, WANG L, LI D. Research on a new online attack intention recognition method[J]. Journal of Chinese Computer Systems, 2008,29(7):1347-1352.
[9] TIAN Z H, ZHANG Y Z, ZHANG W Z, et al. Adaptive alert correlation based on pattern mining and cluster analysis[J]. Journal of Computer Research and Development, 2009,46(8):1304-1315.
[10] BAMASAK O O, BAHARETH F A. Constructing attack scenario using sequential pattern mining with correlated candidate sequences[J]. International Journal of ACM Jordan, 2013,2(3):102-108.
[11] WANG Z F, YUAN P, HUANG X F. Research on a new multi-step attack scenario construction technique[J]. Journal of Southwest University of Science and Technology, 2016,31(1):55-60.
[12] VALDES A, SKINNER K. Probabilistic alert correlation[C]// International Workshop on Recent Advances in Intrusion Detection. 2001:54-68.
[13] DAIN O, CUNNINGHAM R K. Fusing a heterogeneous alert stream into scenarios[C]// Proceedings of 2001 ACM Workshop on Data Mining for Security Applications. 2001:103-122.
[14] HOFMANN A, SICK B. Online intrusion alert aggregation with generative data stream modeling[J]. International Journal of Electronics & Computer Science Engineering, 2012,1(4):282-294.
[15] CHEN S, LEUNG H, DONDO M. Characterization of computer network events through simultaneous feature selection and clustering of intrusion alerts[C]// Proceedings of the SPIE on Multisensor, Multisource Information Fusion: Architectures, Algorithms, and Applications. 2014.
[16] NING P, CUI Y, REEVES D S, et al. Techniques and tools for analyzing intrusion alerts[J]. ACM Transactions on Information & System Security, 2004,7(2):274-318.
[17] WANG S, TANG G M, WANG J H, et al. Attack scenario construction method based on causal knowledge network[J]. Journal of Computer Research and Development, 2018,55(12):2620-2636.
[18] HUANG J Y. A network attack scenario reconstruction system based on big data analysis[D]. Tianjin: Tianjin University of Technology, 2017.
[19] FAN D, LIU J, ZHUANG J X, et al. Research on attack scenario reconstruction based on causal knowledge discovery[J]. Chinese Journal of Network and Information Security, 2017,3(4):58-68.
[20] RAMAKI A A, KHOSRAVI-FARMAD M, BAFGHI A G. Real time alert correlation and prediction using Bayesian networks[C]// Proceedings of 2015 12th International Iranian Society of Cryptology Conference on Information Security & Cryptology. 2016:98-103.
[21] SHITTU R, HEALING A, GHANEA-HERCOCK R, et al. Intrusion alert prioritisation and attack detection using post-correlation analysis[J]. Computers & Security, 2015,50(C):1-15.
[22] MU C P, HUANG H K, TIAN S F. Survey of intrusion detection system alert aggregation and correlation techniques[J]. Journal of Computer Research and Development, 2006(1):1-8.
[23] AHMED T, SIRAJ M M, ZAINAL A, et al. A taxonomy on intrusion alert aggregation techniques[C]// International Symposium on Biometrics & Security Technologies. 2015.
[24] MIT Lincoln Laboratory. 2000 DARPA Intrusion Detection Scenario Specific Dataset[EB/OL]. [2019-03-25]. https://www.ll.mit.edu/r-d/datasets/2000-darpa-intrusion-detection-scenario-specific-datasets.