| 利用高精度时间戳提高入侵检测率 |
| |
| 引用本文: | 林果园,许峰,黄皓.利用高精度时间戳提高入侵检测率[J].系统仿真学报,2006,18(9):2672-2675. |
| |
| 作者姓名: | 林果园 许峰 黄皓 |
| |
| 作者单位: | 1. 南京大学计算机科学与技术系,软件新技术国家重点实验室,江苏,南京,210093;中国矿业大学计算机学院,江苏,徐州,221008
2. 南京大学计算机科学与技术系,软件新技术国家重点实验室,江苏,南京,210093 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划);江苏省自然科学基金;中国矿业大学校科研和教改项目 |
| |
| 摘 要: | 入侵检测系统(IDS)是重要的信息安全措施,如何提高检测率是目前入侵检测系统研究的热点。文章从入侵事件时间戳的角度,对提高检测率进行了讨论。首先论述了计算机系统获取高精度时间戳的方法,然后分析了入侵检测系统对日志、注册表、网络包事件的时间戳精度要求。最后,以注册表访问事件为例进行了仿真,实验证明这种高精度时间戳能有效识别事件顺序,在一定程度上提高了入侵检测系统的检测率。
|
| 关 键 词: | 高精度 时间戳 事件序列 入侵检测系统 检测率 |
| 文章编号: | 1004-731X(2006)09-2672-04 |
| 收稿时间: | 2005-07-14 |
| 修稿时间: | 2005-11-21 |
Improving Intrusion Detection Rate Using High Precision Time Stamps |
| |
| LIN Guo-yuan,XU Feng,HUANG Hao.Improving Intrusion Detection Rate Using High Precision Time Stamps[J].Journal of System Simulation,2006,18(9):2672-2675. |
| |
| Authors: | LIN Guo-yuan XU Feng HUANG Hao |
| |
| Abstract: | Intrusion Detection System (IDS) is one of important devices for information security. In this field, how to improve intrusion detection rate is a keystone issue. How to get higher intrusion detection rate on the view of Time Stamps in intrusion events was discussed. Firstly, some methods were addressed to seize high precision Time Stamps. Secondly, the precision requirement of Time Stamps was analyzed in detail on the log, registry events and network packets. Finally, the registry events were simulated and the experiment results were construed, which could identify events sequence effectively and intrusion detection rate to a certain extent was elevated. |
| |
| Keywords: | high precision time stamps events sequence intrusion detection system intrusion detection rate |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
