| [1] Valdes A, Skinner K. Probabilistic alert correlation[C]//Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection. London, UK: Springer, 2001: 54-68.[2] Ning Peng, Cui Yun, Reeves D S. Constructing attack scenarios through correlation of intrusion alerts[C]//Proceedings of the 9th ACM Conference on Computer and Communications Security. New York, US: ACM, 2002: 245-254.[3] Noel S, Robertson E, Jajodia S. Correlating intrusion event sand building attack scenarios through attack graphdistances[C]//Proceedings of 20th Annual Computer Security Applications Conference. Tucson, AZ, US: IEEE Press, 2004: 350-359.[4] Wang Lingyu, Liu Anyi, Jajodia S. Using attack graphs for correlating, hypothesizing, and predicting intrusionalerts[J]. Computer Communications, 2006, 29(15): 2917-2933.[5] Ahmadinejad S, Jalili S, Abadi M. Ahybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs[J]. Computer Networks, 2011, 55(9): 2221-2240.[6] Anbarestani R, Akbari B, Fathi F. An iterative alert correlation method for extracting network intrusion scenarios[C]//Proceedings of 20th Iranian Conference on Electrical Engineering. Tehran: IEEE Press, 2012: 684-689.[7] Wang C, Yang Jimin. Adaptive feature-weighted alert correlation system applicable in cloud environment[C]//Proceedings of 8th Asia Joint Conference on Information Security. Seoul: IEEE Press, 2013: 41-47.[8] John Burnham. Magic quadrant for security information and event management[EB/OL]. Rosten, VA, USA: Internet Society, 2014[2014-06-24]. http: //securityintelligence. com/gartner-2014-magic-quadrant-siem-security. |
