WA-IDS： A Distributed Intrusion Detection System Based on Data Mining

Aiming at the shortcomings in intrusion detection systems (IDSs) used in commercial and research fields, we propose the MAIDS system, a distributed intrusion detection system based on data mining. In this model, misuse intrusion detection system (MIDS) and anomaly intrusion detcction system (AIDS) are combined. Data mining is applicd to raise detection performance, and distributed mechanism is employed to increase the scalability and efficiency. Host- and network based mining algorithms employ an improved Bayesian decision theorem that suits for real security environment to minimize the risks incurred by false decisions. We describe the overall architeeture of thc MA-IDS system, and discusss pecific design and implementation issue.     

An Intrusion Alarming System Based on Self-Similarity of Network Traffic

Intrusion detection system can make effective alarm for illegality of network users, which is absolutely necessarily and important to build security environment of communication base service. According to the principle that the number of network traffic can affect the degree of self-similar traffic, the paper investigates the variety of self-similarity resulted from unconventional network traffic. A network traffic model based on normal behaviors of user is proposed and the Hurst parameter of this model can be calculated. By comparing the Hurst parameter of normal traffic and the self-similar parameter, we can judge whether the network is normal or not and alarm in time.     

抵御蠕虫攻击的一种方法-Honeypot系统

Internet大面积遭受蠕虫攻击的事件时有发生，针对这种问题，引入Honeypot技术，结合入侵检测系统(IDS)、数据挖掘提出了一种解决办法：将Honeypot置于DMZ中，利用其欺骗地址空间技术覆盖服务器中没有用到的IP地址，捕获蠕虫；IDS监控流入网络的数据包，对入侵作出反映；系统日志异地保存。该系统能有效抵御目前已经出现的蠕虫攻击，同时对新出现的目前未知的蠕虫攻击也有很好的防御效果。     

基于Intranet入侵检测的研究

阐述了Intranet与入侵检测系统的相关理论和基本原理，设计了基于Intranet的入侵检测系统框架．给出了简单实用的模式匹配算法，即使在最坏的情况下也有较好的效率．该系统实现了网络系统安全的动态监测和监控，是一种新型网络安全策略．     

盐渍土区生态水文过程及其盐渍化效应

盐渍土区生态、水文过程及其耦合作用机制是当前盐渍化、次生盐渍化产生的根源。目前的研究主要是从土壤水盐动态、地表水文格局及其生态效应、生态地下水位、生态需水等角度对盐渍土区生态水文过程进行研究和探讨,尚未能揭示清楚盐渍土形成和演化的生态水文学机制。未来需要就生态、水文过程及其耦合作用机制,地表水、地下水以及土壤水之间的相互转化关系及其生态效应,基于生态水文过程的生态需水,以及构建流域尺度盐渍化生态水文模型等进行深入研究,以便为盐渍土区生态环境的维护和恢复、生态与社会经济的和谐提供理论与实践指导。     

基于内部网络安全的防火墙系统的改进

针对传统的边界防火墙不能防范来自内部的攻击、效率较低和故障率高、网络应用受到结构性限制等问题,提出了把分布式防火墙系统和分布式入侵检测系统结合在一起的安全防御系统.由防火墙进行访问控制,入侵检测系统检测入侵行为并反馈入侵信息,中央控制平台对各模块统一管理和配置,从而为内部网络提供了立体的、多层次的防御.     

两种特征提取技术在入侵检测中的应用

在介绍主成分分析方法和核主成分分析方法原理基础上,分别采用这两种方法对KDDCUP99中的入侵检测数据进行特征提取,然后把特征提取后的数据送入神经网络进行训练。仿真实验结果表明,两种方法中核主成分分析方法具有更优秀的特征提取性能。     

Intrusion Detection Method for Program Vulnerability via Library Calls

Library function call sequence is the direct reflection of a program＇s behavior. The relationship between program vulnerability and library calls is analyzed, and an intrusion detection method via library calls is proposed, in which the short sequences of library call are used as signature profile. In this intrusion detection method, library interposition is used to hook library calls, and with the discussion of the features of the library call sequence in detail, an algorithm based on information-theory is applied to determine the appropriate length of the library call sequence. Experiments show good performance of our method against intrusions caused by the popular program vulnerabilities.