Through an in-depth analysis of the characteristics of security events in heterogeneous networks, this paper points out that accurately locating potential security threats among a large number of incomplete and fuzzy security events, and assessing the situation, the threats and their degree of importance comprehensively and in a timely manner, is a technical challenge for current security management. It proposes a fuzzy correlation algorithm for security events based on a time correlation window, which to a certain extent resolves the problems of missed security-event reports and incomplete domain knowledge, and provides strong support for a comprehensive and timely assessment of the current security situation, the security threats and their degree of importance.