| 基于防火墙的网络入侵检测系统 |
| |
| 引用本文: | 李信满,赵宏,马士军.基于防火墙的网络入侵检测系统[J].东北大学学报(自然科学版),2001,22(5):489-492. |
| |
| 作者姓名: | 李信满 赵宏 马士军 |
| |
| 作者单位: | 东北大学软件中心;东北大学软件中心;东北大学软件中心辽宁沈阳110003;辽宁沈阳110003;辽宁沈阳110003 |
| |
| 基金项目: | 国家“八六三”高技术项目 ( 86 3 30 6 ZT0 5 0 5 5 ) |
| |
| 摘 要: | 提出了一个基于防火墙的网络入侵检测系统模型,克服了传统入侵检测系统不能实现主动控制的缺陷,并对设计与实现中的关键技术做了详细的描述·该系统在数据链路层截取实时的数据包,对其进行基于安全策略的访问控制分析;同时利用事件发生器从截获的IP包中提取出概述性事件信息并传送给入侵检测模块进行安全分析·入侵检测模块采用基于统计的入侵检测技术,并采用了NaiveBayes算法·基于该模型设计实现的系统在实际测试中表明对于具有统计特性的网络入侵具有较好的检测与控制能力·
|
| 关 键 词: | 入侵检测 防火墙 NaiveBayes算法 安全策略 访问控制 异常检测 |
| 文章编号: | 1005-3026(2001)05-0489-04 |
| 修稿时间: | 2000年11月28日 |
Firewall-Based Intrusion Detection System |
| |
| LI Xin man,ZHAO Hong,MA Shi jun.Firewall-Based Intrusion Detection System[J].Journal of Northeastern University(Natural Science),2001,22(5):489-492. |
| |
| Authors: | LI Xin man ZHAO Hong MA Shi jun |
| |
| Abstract: | A network intrusion detection system (IDS) based on firewall was described. This system may solve the problem of the traditional IDS which is lack of the active access control online. In this model, time varying data packets are captured on data link layer,and then filtered according to the security policy. Meanwhile,the captured IP packets are reduced to summary events by the event engine to represent the important attributes. After that, these events are transferred to the intrusion detection module to make intrusion analysis. Statistics based intrusion detection and Naive Bayes algorithm were used. The prototype system based on the model was implemented and tested in the real network environment. The system is good at detecting and controlling the network intrusions with statistical features in nature. |
| |
| Keywords: | intrusion detection firewall Naive Bayes algorithm security policy access control anomaly detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《东北大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《东北大学学报(自然科学版)》下载免费的PDF全文 |
