| 摘要 |
The present invention relates to a method of risk analysis in an automatic intrusion response system that provides computer-related security in a large scale dynamic network environment, comprising: (a) classifying intrusion detection information by using IDMEF data model; (b) establishing a risk assessment knowledge base; (c) learning rules of said knowledge base; and (d) assessing the risk level of an external attack based upon said knowledge base. Said risk level is determined by parameters such as intrusion detection information, weakness information, network bandwidth, system performance and importance, and frequency of attacks, etc.
|
