摘要翻译：
自动警报关联的前提是接受来自低级入侵检测系统的错误警报是不可避免的，并使用攻击模型以可理解的方式解释输出。为此目的存在几种算法，它们使用攻击图来建模攻击可以组合的方式。这些算法可以分为两大类：场景图法和类型图法，前者从漏洞评估开始创建攻击模型，后者依赖于攻击类型之间关系的抽象模型。为了提高类型图关联的效率，人们进行了一些研究，但这些研究忽略了缺失告警的假设。我们的工作是提出一种新的类型图算法，它将相关性和假设性统一到单个操作中。我们的实验结果表明，该方法在面对密集的报警时非常有效，并产生了与其他技术相比较的紧凑的输出图。
---
英文标题：
《Real-Time Alert Correlation with Type Graphs》
---
作者：
Gianni Tedesco, Uwe Aickelin
---
最新提交年份：
2010
---
分类信息：

一级分类：Computer Science        计算机科学
二级分类：Artificial Intelligence        人工智能
分类描述：Covers all areas of AI except Vision, Robotics, Machine Learning, Multiagent Systems, and Computation and Language (Natural Language Processing), which have separate subject areas. In particular, includes Expert Systems, Theorem Proving (although this may overlap with Logic in Computer Science), Knowledge Representation, Planning, and Uncertainty in AI. Roughly includes material in ACM Subject Classes I.2.0, I.2.1, I.2.3, I.2.4, I.2.8, and I.2.11.
涵盖了人工智能的所有领域，除了视觉、机器人、机器学习、多智能体系统以及计算和语言（自然语言处理），这些领域有独立的学科领域。特别地，包括专家系统，定理证明（尽管这可能与计算机科学中的逻辑重叠），知识表示，规划，和人工智能中的不确定性。大致包括ACM学科类I.2.0、I.2.1、I.2.3、I.2.4、I.2.8和I.2.11中的材料。
--
一级分类：Computer Science        计算机科学
二级分类：Cryptography and Security        密码学与安全
分类描述：Covers all areas of cryptography and security including authentication, public key cryptosytems, proof-carrying code, etc. Roughly includes material in ACM Subject Classes D.4.6 and E.3.
涵盖密码学和安全的所有领域，包括认证、公钥密码系统、携带证明的代码等。大致包括ACM主题课程D.4.6和E.3中的材料。
--

---
英文摘要：
  The premise of automated alert correlation is to accept that false alerts from a low level intrusion detection system are inevitable and use attack models to explain the output in an understandable way. Several algorithms exist for this purpose which use attack graphs to model the ways in which attacks can be combined. These algorithms can be classified in to two broad categories namely scenario-graph approaches, which create an attack model starting from a vulnerability assessment and type-graph approaches which rely on an abstract model of the relations between attack types. Some research in to improving the efficiency of type-graph correlation has been carried out but this research has ignored the hypothesizing of missing alerts. Our work is to present a novel type-graph algorithm which unifies correlation and hypothesizing in to a single operation. Our experimental results indicate that the approach is extremely efficient in the face of intensive alerts and produces compact output graphs comparable to other techniques.
---
PDF链接：
https://arxiv.org/pdf/1004.4089