| 基于混合入侵检测技术的网络入侵检测方法 |
| |
| 引用本文: | 尹才荣,叶震,单国华,赵晓峰. 基于混合入侵检测技术的网络入侵检测方法[J]. 合肥工业大学学报(自然科学版), 2009, 32(1) |
| |
| 作者姓名: | 尹才荣 叶震 单国华 赵晓峰 |
| |
| 作者单位: | 合肥工业大学,计算机与信息学院,安徽,合肥,230009;合肥工业大学,计算机与信息学院,安徽,合肥,230009;合肥工业大学,计算机与信息学院,安徽,合肥,230009;合肥工业大学,计算机与信息学院,安徽,合肥,230009 |
| |
| 摘 要: | 总结了异常检测和误用检测的优缺点,结合其优点,并克服其缺点,提出了基于混合入侵检测技术的网络入侵检测系统模型.对于同一行为,异常检测结果和误用检测结果不总是一样的,跟踪算法有效地解决了异常检测结果与误用检测结果不完全相同的问题;采用了数据挖掘方法建立正常行为轮廓库,并采用了全序列比较法和相关函数法实现异常检测引擎;提出的模型较基于单一入侵检测技术的模型相比,具有更好的检测效果.
|
| 关 键 词: | 正常行为轮廓 跟踪 相似度 混合入侵检测技术 |
Research on network intrusion detection based on the hybrid intrusion detection technique |
| |
| YIN Cai-rong,YE Zhen,SHAN Guo-hua,ZHAO Xiao-feng. Research on network intrusion detection based on the hybrid intrusion detection technique[J]. Journal of Hefei University of Technology(Natural Science), 2009, 32(1) |
| |
| Authors: | YIN Cai-rong YE Zhen SHAN Guo-hua ZHAO Xiao-feng |
| |
| Abstract: | The advantages and disadvantages of anomaly detection and misuse detection are summarized,and a network intrusion detection system model based on the hybrid intrusion detection technique is proposed by combining the advantages and overcoming the shortcomings.The results of anomaly detection and misuse detection are not always same for one action.The tracking algorithm in the paper effectively solves the problem that the results of anomaly detection and misuse detection are not same entirely.In the model,the normal behavior profiles are established through the data mining method and the anomaly detection engine is realized through entire sequence comparison and the correlation function.The model in the paper is better than the model based on a single intrusion detection technology in detection results. |
| |
| Keywords: | normal behavior profile tracking similarity hybrid intrusion detection technique |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
