An attack scenario is the series of attack steps an intruder takes to achieve the goal of an intrusion. Current attack scenario reconstruction methods rely only on the alert messages of intrusion detection systems, so false negatives and false positives seriously impair accurate reconstruction. This paper introduces the concept of evidence support degree, integrates log correlation into the attack scenario reconstruction process, and proposes a new attack scenario reconstruction model that effectively improves the accuracy of attack scenario reconstruction.