| 入侵检测系统的数据收集机制研究 |
| |
| 引用本文: | 张然,钱德沛,包崇明,栾钟治.入侵检测系统的数据收集机制研究[J].西安交通大学学报,2003,37(4):368-371. |
| |
| 作者姓名: | 张然 钱德沛 包崇明 栾钟治 |
| |
| 作者单位: | 1. 西安交通大学电子与信息工程学院,710049,西安
2. 中国科学院软件所 |
| |
| 基金项目: | “九七三”国家重点基础研究项目 (G19990 32 710 ),国家自然科学基金资助项目 (90 10 40 2 2 ) . |
| |
| 摘 要: | 基于对入侵检测所采用的数据收集方法的分类和分析,提出了一种基于多代理的分布式数据收集模型,介绍了该模型的数据收集方法和协同检测过程,该模型分别在网络的关键入口处以及主机的重要应用和网络接口处部署检测代理,各检测代理根据不同情况采用不同的数据收集方法对各种可疑数据进行收集,并通过协调代理对下层检测代理提交的数据进行协同分析。结果表明,这种数据收集模型为协同检测奠定了基础,提高了对分布式攻击的检测能力。
|
| 关 键 词: | 入侵检测 数据收集 协同检测 |
| 文章编号: | 0253-987X(2003)04-0368-04 |
| 修稿时间: | 2002年8月20日 |
Research on Data Collection Mechanisms for Intrusion Detection System |
| |
| Zhang Ran ,Qian Depei ,Bao Chongming ,Luan Zhongzhi.Research on Data Collection Mechanisms for Intrusion Detection System[J].Journal of Xi'an Jiaotong University,2003,37(4):368-371. |
| |
| Authors: | Zhang Ran Qian Depei Bao Chongming Luan Zhongzhi |
| |
| Institution: | Zhang Ran 1,Qian Depei 1,Bao Chongming 2,Luan Zhongzhi 1 |
| |
| Abstract: | Based on the classification and analysis of different data collection methods used in intrusion detection. a model of multi agent in view of data collection is put forward, and the corresponding data collection methods and process of collaborative detection are introduced. This model deploys individually detection agents on the primary entrance of network and network interfaces of the hosts with the important applications. Every agent uses several respective methods to collect suspicious data over against the different situations, and coordination agent analyses cooperatively the data submitted by lower detection agents. It is shown that this model of data collection establishes the basis of collaborative detection and greatly improves the capability of detecting distributed attacks. |
| |
| Keywords: | intrusion detection data collection collaborative detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
