| 基于攻击分类的异构检测引擎构建技术 |
| |
| 引用本文: | 赵蓓,胡昌振. 基于攻击分类的异构检测引擎构建技术[J]. 科技导报(北京), 2007, 25(7): 5-9 |
| |
| 作者姓名: | 赵蓓 胡昌振 |
| |
| 作者单位: | 北京理工大学网络安全与信息对抗技术研究中心,北京,100081;装备指挥技术学院信息装备系计算机应用技术教研室,北京,101416;北京理工大学网络安全与信息对抗技术研究中心,北京,100081 |
| |
| 摘 要: | 由于攻击的复杂性,单一的检测技术难以具有全面的攻击检测能力。具有多检测引擎的入侵检测系统能够克服单一检测技术的检测局限性。但是目前的多检测引擎构建技术缺乏有关检测功能划分的理论指导。本文基于攻击的检测者观点,提出了基于检测特征的攻击分类方法,将攻击按照检测特征分为5个基础类。在此基础上,构建以攻击分类为基础的具有异构检测引擎的入侵检测系统框架。实验表明,该框架可以有效地检测各类攻击,并具有较好的变形攻击检测能力。
|
| 关 键 词: | 攻击分类 检测特征 异构检测引擎 |
| 文章编号: | 1000-7857(2007)07-0005-05 |
| 修稿时间: | 2007-03-05 |
A Detection-centered Classification of Network Attacks |
| |
| ZHAO Bei,HU Changzhen. A Detection-centered Classification of Network Attacks[J]. Science & Technology Review, 2007, 25(7): 5-9 |
| |
| Authors: | ZHAO Bei HU Changzhen |
| |
| Abstract: | An intrusion detection system with multi detection engines could overcome the limitations of one with a single detection engine. But up to now, the methodology dealing with network attacks lacks theoretical guidelines for the partition of the inference function. From the detector's point of view, this paper proposes a detection-centered methodology dealing with network attacks. Network attacks can, therefore, be divided into five categories: character string attack, overflow attack, repeating attack, multi-step attack and multi-stage attack. An intrusion detection system with isomerous detection engines is built on that basis. Experiments show that it can avoid the deficiencies of existing detection methods. |
| |
| Keywords: | network attack classification detection-centric isomerous detection engine |
| 本文献已被 维普 万方数据 等数据库收录! |
|
