| 基于分布式网络入侵检测系统的研究及其实现 |
| |
| 引用本文: | 王小玲,李凌,赵可.基于分布式网络入侵检测系统的研究及其实现[J].中南大学学报(自然科学版),2005,36(6):1074-1078. |
| |
| 作者姓名: | 王小玲 李凌 赵可 |
| |
| 作者单位: | 中南大学,信息科学与工程学院,湖南,长沙,410083 |
| |
| 摘 要: | 在分析现有网络入侵检测系统局限性的基础上,提出一个基于模式匹配误用检测技术的分布式网络入侵检测系统模型。该模型可用于应用层协议分析,提高了检测精度;采用协议流分析技术,减少了检测时间与误报率;采用中断会话和防火墙联动,可实现主动响应;在主体智能协作与负载平衡上考虑了其分布式的特性;在Linux环境下构建基于实时智能协作引擎的原型系统,验证该模型的特性。
|
| 关 键 词: | 入侵检测 网络入侵检测系统 实时智能协作引擎 |
| 文章编号: | 1672-7207(2005)06-1074-05 |
| 收稿时间: | 2004-12-26 |
| 修稿时间: | 2004年12月26 |
Study & realization of the distributed network based intrusion detection system |
| |
| WANG Xiao-ling,LI Ling,ZHAO Ke.Study & realization of the distributed network based intrusion detection system[J].Journal of Central South University:Science and Technology,2005,36(6):1074-1078. |
| |
| Authors: | WANG Xiao-ling LI Ling ZHAO Ke |
| |
| Institution: | School of Information Science and Engineering, Central South University, Changsha 410083, China |
| |
| Abstract: | After analyzing limitations of existing network-based intrusion detection system, the paper raised a distributed network-based intrusion detection system model, which is based on feature ranking misusing detection technology and can adapt well to existing network status. This model extends to application layer protocol analysis, so that, the precision of detection is improved; Protocol flow analyzer is adapted to shorten the detection interval and misinformation ratiot Session-halt and fire-wall are introduced to implement active-response. In order to validate features of the model, RICE-based raw system is built in Linux environment. |
| |
| Keywords: | intrusion detection network-based intrusion detection system real-time intelligent cooperation engine |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
