-
公开(公告)号:US07735141B1
公开(公告)日:2010-06-08
申请号:US11371938
申请日:2006-03-10
CPC分类号: H04L41/12 , H04L63/1425
摘要: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates event. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.
摘要翻译: 公开了一种使用攻击图距离来相关入侵事件的系统。 该系统包括攻击图生成器,利用距离计算器,入侵检测器,事件报告/利用关联器,事件图形创建器,事件图距离计算器,相关值计算器和协调攻击分析器。 为网络中的利用和条件构建攻击图。 利用距离计算器确定漏洞利用距离。 入侵检测器生成事件。 事件与漏洞相关联。 计算事件图距离。 使用事件图距离计算事件对的相关值。 使用相关阈值分析相关值以检测协调的攻击。
搜索结果
1 条记录 (耗时 0.016 秒)
筛选
AND
AND
过滤
NOT
NOT
扫码加群
