检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:王伟[1] 陈秀真[1] 管晓宏[1] 张响亮[1]
机构地区:[1]西安交通大学电子与信息工程学院,西安710049
出 处:《西安交通大学学报》2005年第4期339-342,346,共5页Journal of Xi'an Jiaotong University
基 金:国家杰出青年科学基金资助项目(6970025);国家自然科学基金资助项目(60243001);国家高技术研究发展计划资助项目(2001AA140213;2003AA142060).
摘 要:为了全面检测黑客入侵和有效提高检测精度,提出了一种深度防卫的自适应入侵检测系统模型.该模型按照黑客入侵对系统影响的一般顺序,使用不同方法对网络行为、用户行为和系统行为3个层次涉及到的网络数据包、键盘输入、命令序列、审计日志、文件系统和系统调用进行异常检测,并利用信息融合技术来融合不同检测器的检测结果,从而得到合理的入侵判定.在此基础上,提出了系统安全风险评估方法,并由此制定了一种简单、高效的自适应入侵检测策略.初步实验结果表明,所提的深度防卫自适应入侵检测模型能够全面、有效地检测系统的异常行为,可以自适应地动态调整系统安全与系统性能之间的平衡,具有检测精度高、系统资源消耗小的优点.Aiming at detecting intrusions across-the-board and at improving detection accuracy, a novel model of defense-in-depth adaptive intrusion detection system (IDS) was presented. In this model, the behaviors in a computer system are monitored according to the general order of the impact of the attacks and divided into three layers including network behaviors, user behaviors and system behaviors. Various methods are then applied to process the data streams from network packages, keystrokes, audit trails, command sequences, file system and system calls obtained in the three layers for intrusion detection. The monitoring decision on intrusion is made by combining the six individual inferences based on information fusion technique. Based on the risk assessment method proposed in this paper, an efficient adaptive policy is drawn as well for IDS to reduce the expense of system resources. The model is tested and the results show that the model presented is effective to detect intrusions and to balance the system security and performance adaptively and dynamically. The model is promising as well in terms of detection accuracy, system resource requirement and implementation in practice.
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.36
