Abstract
Because using a single event as the attack detection feature leads to a higher false positive rate, an intranet attack detection method is proposed that uses a Bayesian network model for cross-space event correlation and a Kalman filter linear model for cross-temporal event correlation. Based on this method, a process query system was implemented that scans and correlates distributed network events according to the user's high-level process description. Experimental analysis shows that the proposed method can significantly reduce the false positive rate of intranet attack detection without increasing the computational overhead.