Affiliation: [1] School of Computer Science and Engineering, South China University of Technology, Guangzhou 510640
Source: Computer Science (《计算机科学》), 2006, No. 11, pp. 69-73 (5 pages)
Funding: Supported by the "Guangdong-Hong Kong Key Field Breakthrough Project"; project number: 2005A10307007
Abstract: The intrusion detection description language is the core component of various security protection systems. It determines the expressiveness (detecting ability) of a system and the running performance as well. This paper investigates several major intrusion detection languages both at home and abroad and proposes a new language called CLS, which supports state diagram reuse. CLS simplifies the semantic implementation of STATL through the composition of state diagrams (instances) to keep the expressiveness while reducing the resource cost and enhancing the running performance. CLS modifies some static semantic entities in STATL such as 'state' and 'event spec' and puts some restrictions on 'event queue' and 'code block' in STATL in order to ease the implementation for network intrusion detection systems. Some scenarios of common attacks of network protocol layers are discussed and a standard CLS extension library is established, based on which users can design the actual security policy easily.
Classification: TP312 [Automation and Computer Technology - Computer Software and Theory]