A Survey of Intrusion Response Decision-Making Techniques of Automated Intrusion Response Systems  (Cited by: 5)


Authors: Mu Chengpo (穆成坡)[1], Huang Houkuan (黄厚宽)[2], Tian Shengfeng (田盛丰)[2], Li Xiangjun (李向军)[2]

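Affiliations: [1] School of Aerospace Science and Engineering, Beijing Institute of Technology, Beijing 100081; [2] School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044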

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2008, No. 8, pp. 1290-1298 (9 pages)

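Funding: National Natural Science Foundation of China (60442002); 2008 Science and Technology Program of the Jiangxi Provincial Department of Education (GJJ08036)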

Abstract: Automated intrusion response systems and their significance are briefly introduced in this paper. Intrusion response decision-making is one of the critical techniques of automated intrusion response systems. A hierarchical architecture of intrusion response decision-making problems is presented. The roles of response goals and response strategies in an intrusion response decision-making process are discussed, and the related work is introduced. Intrusion response decision-making factors are used in decision-making models and directly influence the results of those models. The decision-making factors in the latest existing intrusion decision-making mechanisms are reviewed, and it is pointed out that some of these factors are not properly used in a few of the existing decision-making models. In order to choose proper factors in an intrusion response decision-making model, a taxonomy of response decision-making factors is given. The existing models of intrusion response measure decision-making are presented, and the features and problems of these models are discussed in detail. The concept and idea of intrusion response time decision-making are proposed, and a few intrusion response time decision-making models are introduced. The architecture, response time decision-making model, response measure decision-making model and experiments of the intrusion detection alert management & intrusion response system (IDAM&IRS) developed by the authors are shown. In addition, its features are described. Finally, the development trends of response decision-making are summarized.

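Keywords: automated intrusion response system; intrusion response decision-making; intrusion detection; alert processing; network security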

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
