| 基于行为关联的Web自适应入侵检测系统设计与实现 |
| |
| 引用本文: | 赵东平,郑卫斌,张德运. 基于行为关联的Web自适应入侵检测系统设计与实现[J]. 大连理工大学学报, 2005, 45(Z1): 142-145 |
| |
| 作者姓名: | 赵东平 郑卫斌 张德运 |
| |
| 作者单位: | 西安交通大学,计算机科学与技术系,陕西,西安,710049 |
| |
| 摘 要: | 提出了一种适用于Web服务器的自适应入侵检测机制,将检测模块直接嵌入Web服务器中,采用客户访问行为关联预测,配合异常检测和误用检测,动态产生和调整特征规则,确定合法请求,过滤异常请求并确认攻击类型,从而达到预防新型攻击与检测已知攻击事件的目的. 对实现的系统进行了测试验证,在一般攻击扫描情况下攻击检测准确率可高达95.8%.
|
| 关 键 词: | 入侵检测 Web入侵 异常 误用 访问行为关联 |
| 文章编号: | 1004-5619(2005)04-0320-04 |
Design and implementation of adaptive intrusion detection system based on Web access behavior relevancy |
| |
| ZHAO Dong-ping,ZHENG Wei-bin,ZHANG De-yun. Design and implementation of adaptive intrusion detection system based on Web access behavior relevancy[J]. Journal of Dalian University of Technology, 2005, 45(Z1): 142-145 |
| |
| Authors: | ZHAO Dong-ping ZHENG Wei-bin ZHANG De-yun |
| |
| Abstract: | To address the problem of application-level web security,an adaptive intrusion detection system is proposed,which is embedded directly in the Web server.In order to define all the valid requests for anomaly detection and misuse detection,the techniques which observe the clients' access behavior relevancy and adjust their personal policies dynamically are employed.The experiments indicate that the proposed system can not only confirm the valid request but also defend the new attack behavior and detect the old attack event.Based on the proposed method,the detecting rate is over 95.8% under common attack scanning. |
| |
| Keywords: | intrusion detection Web attack anomaly misuse access behavior relevancy |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
