| 一种面向特定网络服务的异常检测方法 |
| |
| 引用本文: | 任会彩,罗军舟,魏蜀曦.一种面向特定网络服务的异常检测方法[J].华中科技大学学报(自然科学版),2005,33(Z1):313-316. |
| |
| 作者姓名: | 任会彩 罗军舟 魏蜀曦 |
| |
| 作者单位: | 东南大学,计算机科学与工程系,江苏,南京,210096 |
| |
| 基金项目: | 江苏省“网络与信息安全”重点实验室资助项目(BM2003201),江苏省高技术研究资助项目(BG2004036) |
| |
| 摘 要: | 通过对入侵检测技术以及攻击种类的分析,发现常用的网络流量模型和简单的应用模型不能很好地检测R2L(Remote to Local)和U2R(User to Root)两类攻击.为此,提出一种面向特定网络服务的异常检测方法,考虑了特定网络服务的负载知识,结合信息论相关理论和n-gram分析方法,对正常服务请求报文的类型、长度、负载分布建立模型,对检测对象计算其特征异常值,有效检测R2L和U2R两类攻击.将该方法与误用检测结合,能有效提高入侵检测的准确性.
|
| 关 键 词: | 网络安全 异常入侵检测 网络负载知识 |
| 文章编号: | 1671-4512(2005)S1-0313-04 |
| 修稿时间: | 2005年8月15日 |
A method of anomaly detection oriented specific network service |
| |
| Ren Huicai,Luo Junzhou,Wei Shuxi.A method of anomaly detection oriented specific network service[J].JOURNAL OF HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY.NATURE SCIENCE,2005,33(Z1):313-316. |
| |
| Authors: | Ren Huicai Luo Junzhou Wei Shuxi |
| |
| Institution: | Ren Huicai Luo Junzhou Wei ShuxiPostgraduate,Dept.of Computer Sci.& Eng.,Southeast University,Nanjing 210096,China. |
| |
| Abstract: | After anaylsing the development of intrusion detection technology and the classes of attacks,It is found that the commonly used network traffic module and simple application module can not efficiently detect the R2L(Remote to Local) and U2R(User to Root) attacks.In this paper,a method of anomaly detection oriented specific network service is presented.It takes the application payload into account,combing the Shannon information theory with n-gram analysis,and moduling the length,type and payload distribution of normal service request.It computes the anomaly score of the object and can detect the U2R and R2L attacks.Incorporating the misuse detection into system,it can improve the performance of IDS. |
| |
| Keywords: | network security anomaly intrusion detection network traffic payload |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
