Changes between Version 4 and Version 5 of waue/2009/0804


Ignore:
Timestamp:
Aug 4, 2009, 5:07:20 PM (16 years ago)
Author:
waue
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • waue/2009/0804

    v4 v5  
     1
     2{{{
     3Merge Algorithm
     4output: correlated_event queue
     5global: event_scenario , MO_win_size
     6
     71. pull the top event
     82. if OO_events queue == NULL
     93. new OO_events as event_scenario in event queue
     104. OO_events inherit event
     115. while event-queue ≠ NULL
     12{
     136. pull the top event
     147. if event.timestamp < ( OO_events.end_time + win_size )
     158. Search a correlated_event in correlated_event queue that correlated_event.{ IP_dst,
     16port_dst,signature } == event.{ IP_dst, port_dst, signature }
     179. correlated_event _event.endtime max(event.endtime, MO_event.endtime)
     1810. correlated_event.reference append (event.id )
     1911. correlated_event.IP_src correlated_event. IP_ src ∪ event. IP_ src
     20correlated_event t.port_src correlated_event. port_src ∪ event. port_ src
     2112. else
     2213. new OO_events as event_scenario in event queue
     2314. OO_events inherit event
     24}
     2515 return correlated_event queue
     26
     27
     28
     29}}}
     30
    131
    232 * the merge component of SEC