The thinking , model and implementation of alert correlation are given . and the key - arithmetic is implemented . productions of this thesis have been applied in national high technology research and development program of china ( 863 program “ the network security monitor and the warning technology ” , no : 2003aa142010 ) , and make foundation for the pass of middle examination of 863 experts 在aism模型的基础上提出了修正的abaim模型,该模型能更好地兼容idmef的工作,包含了危急度信息,并且具有更强的表达能力; 4 .在crim的基础上提出了分布式ids警报关联框架,给出了警报关联的实现思路、警报聚集的实现模型,并实现了其中关键算法;在此基础上,给出了海量警报的几何显示方法。
